CVE-2022-50707

Summary

In the Linux kernel, the following vulnerability has been resolved:

virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session()

'vc_ctrl_req' is alloced in virtio_crypto_alg_skcipher_close_session(), and should be freed in the invalid ctrl_status->status error handling case. Otherwise there is a memory leak.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4ee475e76b5ea8061970a7c867ffa5eedeb39580 < 79026a2d0a1b080257773d22a493f9bcab8c65beaffected
LinuxLinux0756ad15b1fef287d4d8fa11bc36ea77a5c42e4a < 67fb59ff1384e338679c0eb7a43c83ce8868c9faaffected
LinuxLinux0756ad15b1fef287d4d8fa11bc36ea77a5c42e4a < 0871df190fe6723464efe0f493d476411616f553affected
LinuxLinux0756ad15b1fef287d4d8fa11bc36ea77a5c42e4a < b1d65f717cd6305a396a8738e022c6f7c65cfbe8affected
LinuxLinux5.19affected
LinuxLinux0 < 5.19unaffected
LinuxLinux6.0.19 <= 6.0.*unaffected
LinuxLinux6.1.5 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

References