CVE-2022-49890

Summary

In the Linux kernel, the following vulnerability has been resolved:

capabilities: fix potential memleak on error path from vfs_getxattr_alloc()

In cap_inode_getsecurity(), we will use vfs_getxattr_alloc() to complete the memory allocation of tmpbuf, if we have completed the memory allocation of tmpbuf, but failed to call handler->get(…), there will be a memleak in below logic:

|– ret = (int)vfs_getxattr_alloc(mnt_userns, …) | /* ^^^ alloc for tmpbuf */ |– value = krealloc(xattr_value, error + 1, flags) | / ^^^ alloc memory / |– error = handler->get(handler, …) | / error! */ |– xattr_value = value | / xattr_value is &tmpbuf (memory leak!) */

So we will try to free(tmpbuf) after vfs_getxattr_alloc() fails to fix it.

[PM: subject line and backtrace tweaks]

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8db6c34f1dbc8e06aa016a9b829b06902c3e1340 < 6bb00eb21c0fbf18e5d3538c9ff0cf63fd0ace85affected
LinuxLinux8db6c34f1dbc8e06aa016a9b829b06902c3e1340 < 90577bcc01c4188416a47269f8433f70502abe98affected
LinuxLinux8db6c34f1dbc8e06aa016a9b829b06902c3e1340 < 0c3e6288da650d1ec911a259c77bc2d88e498603affected
LinuxLinux8db6c34f1dbc8e06aa016a9b829b06902c3e1340 < cdf01c807e974048c43c7fd3ca574f6086a57906affected
LinuxLinux8db6c34f1dbc8e06aa016a9b829b06902c3e1340 < 2de8eec8afb75792440b8900a01d52b8f6742fd1affected
LinuxLinux8db6c34f1dbc8e06aa016a9b829b06902c3e1340 < 7480aeff0093d8c54377553ec6b31110bea37b4daffected
LinuxLinux8db6c34f1dbc8e06aa016a9b829b06902c3e1340 < 8cf0a1bc12870d148ae830a4ba88cfdf0e879ceeaffected
LinuxLinux4.14affected
LinuxLinux0 < 4.14unaffected
LinuxLinux4.14.299 <= 4.14.*unaffected
LinuxLinux4.19.265 <= 4.19.*unaffected
LinuxLinux5.4.224 <= 5.4.*unaffected
LinuxLinux5.10.154 <= 5.10.*unaffected
LinuxLinux5.15.78 <= 5.15.*unaffected
LinuxLinux6.0.8 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References