CVE-2022-49891

Summary

In the Linux kernel, the following vulnerability has been resolved:

tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd()

test_gen_kprobe_cmd() only free buf in fail path, hence buf will leak when there is no failure. Move kfree(buf) from fail path to common path to prevent the memleak. The same reason and solution in test_gen_kretprobe_cmd().

unreferenced object 0xffff888143b14000 (size 2048): comm "insmod", pid 52490, jiffies 4301890980 (age 40.553s) hex dump (first 32 bytes): 70 3a 6b 70 72 6f 62 65 73 2f 67 65 6e 5f 6b 70 p:kprobes/gen_kp 72 6f 62 65 5f 74 65 73 74 20 64 6f 5f 73 79 73 robe_test do_sys backtrace: [<000000006d7b836b>] kmalloc_trace+0x27/0xa0 [<0000000009528b5b>] 0xffffffffa059006f [<000000008408b580>] do_one_initcall+0x87/0x2a0 [<00000000c4980a7e>] do_init_module+0xdf/0x320 [<00000000d775aad0>] load_module+0x3006/0x3390 [<00000000e9a74b80>] __do_sys_finit_module+0x113/0x1b0 [<000000003726480d>] do_syscall_64+0x35/0x80 [<000000003441e93b>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

Affected Software

VendorProductVersion RangeStatus
LinuxLinux64836248dda20c8e7427b493f7e06d9bf8f58850 < bef08acbe560a926b4cee9cc46404cc98ae5703baffected
LinuxLinux64836248dda20c8e7427b493f7e06d9bf8f58850 < d1b6a8e3414aeaa0985139180c145d2d0fbd2a49affected
LinuxLinux64836248dda20c8e7427b493f7e06d9bf8f58850 < 71aeb8d01a8c7ab5cf7da3f81b35206f56ce6bcaaffected
LinuxLinux64836248dda20c8e7427b493f7e06d9bf8f58850 < 66f0919c953ef7b55e5ab94389a013da2ce80a2caffected
LinuxLinux5.6affected
LinuxLinux0 < 5.6unaffected
LinuxLinux5.10.154 <= 5.10.*unaffected
LinuxLinux5.15.78 <= 5.15.*unaffected
LinuxLinux6.0.8 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References