CVE-2022-49256
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49256
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49256.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-49256
- Downstream
- Related
- Published
- 2025-02-26T01:56:10Z
- Modified
- 2025-10-15T20:07:25.980830Z
- Summary
- watch_queue: Actually free the watch
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
watch_queue: Actually free the watch
free_watch() does everything barring actually freeing the watch object. Fix this by adding the missing kfree.
kmemleak produces a report something like the following. Note that as an address can be seen in the first word, the watch would appear to have gone through call_rcu().
BUG: memory leak unreferenced object 0xffff88810ce4a200 (size 96): comm "syz-executor352", pid 3605, jiffies 4294947473 (age 13.720s) hex dump (first 32 bytes): e0 82 48 0d 81 88 ff ff 00 00 00 00 00 00 00 00 ..H............. 80 a2 e4 0c 81 88 ff ff 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff8214e6cc>] kmalloc include/linux/slab.h:581 [inline] [<ffffffff8214e6cc>] kzalloc include/linux/slab.h:714 [inline] [<ffffffff8214e6cc>] keyctlwatchkey+0xec/0x2e0 security/keys/keyctl.c:1800 [<ffffffff8214ec84>] _dosyskeyctl+0x3c4/0x490 security/keys/keyctl.c:2016 [<ffffffff84493a25>] dosyscallx64 arch/x86/entry/common.c:50 [inline] [<ffffffff84493a25>] dosyscall64+0x35/0xb0 arch/x86/entry/common.c:80 [<ffffffff84600068>] entrySYSCALL64after_hwframe+0x44/0xae
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/31824613a42aacdcbeb325bf07a1c8247a11ebe2
- https://git.kernel.org/stable/c/3d8dcf278b1ee1eff1e90be848fa2237db4c07a7
- https://git.kernel.org/stable/c/7e8c9b0df07a77f0d072603b8ced2677e30e1893
- https://git.kernel.org/stable/c/9d92be1a09fbb3dd65600dbfe7eedb40e7228e4b
- https://git.kernel.org/stable/c/f69aecb49968e14196366bbe896eab0a904229f5
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc73be61cede5882f9605a852414db559c0ebedfdFixed9d92be1a09fbb3dd65600dbfe7eedb40e7228e4b
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc73be61cede5882f9605a852414db559c0ebedfdFixedf69aecb49968e14196366bbe896eab0a904229f5
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc73be61cede5882f9605a852414db559c0ebedfdFixed7e8c9b0df07a77f0d072603b8ced2677e30e1893
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc73be61cede5882f9605a852414db559c0ebedfdFixed31824613a42aacdcbeb325bf07a1c8247a11ebe2
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc73be61cede5882f9605a852414db559c0ebedfdFixed3d8dcf278b1ee1eff1e90be848fa2237db4c07a7
Affected versions
v5.*
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.10.1
v5.10.10
v5.10.100
v5.10.101
v5.10.102
v5.10.103
v5.10.104
v5.10.105
v5.10.106
v5.10.107
v5.10.108
v5.10.109
v5.10.11
v5.10.12
v5.10.13
v5.10.14
v5.10.15
v5.10.16
v5.10.17
v5.10.18
v5.10.19
v5.10.2
v5.10.20
v5.10.21
v5.10.22
v5.10.23
v5.10.24
v5.10.25
v5.10.26
v5.10.27
v5.10.28
v5.10.29
v5.10.3
v5.10.30
v5.10.31
v5.10.32
v5.10.33
v5.10.34
v5.10.35
v5.10.36
v5.10.37
v5.10.38
v5.10.39
v5.10.4
v5.10.40
v5.10.41
v5.10.42
v5.10.43
v5.10.44
v5.10.45
v5.10.46
v5.10.47
v5.10.48
v5.10.49
v5.10.5
v5.10.50
v5.10.51
v5.10.52
v5.10.53
v5.10.54
v5.10.55
v5.10.56
v5.10.57
v5.10.58
v5.10.59
v5.10.6
v5.10.60
v5.10.61
v5.10.62
v5.10.63
v5.10.64
v5.10.65
v5.10.66
v5.10.67
v5.10.68
v5.10.69
v5.10.7
v5.10.70
v5.10.71
v5.10.72
v5.10.73
v5.10.74
v5.10.75
v5.10.76
v5.10.77
v5.10.78
v5.10.79
v5.10.8
v5.10.80
v5.10.81
v5.10.82
v5.10.83
v5.10.84
v5.10.85
v5.10.86
v5.10.87
v5.10.88
v5.10.89
v5.10.9
v5.10.90
v5.10.91
v5.10.92
v5.10.93
v5.10.94
v5.10.95
v5.10.96
v5.10.97
v5.10.98
v5.10.99
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.4
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.16.1
v5.16.10
v5.16.11
v5.16.12
v5.16.13
v5.16.14
v5.16.15
v5.16.16
v5.16.17
v5.16.18
v5.16.2
v5.16.3
v5.16.4
v5.16.5
v5.16.6
v5.16.7
v5.16.8
v5.16.9
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.17.1
v5.7
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8
Database specific
vanir_signatures
[
{
"deprecated": false,
"target": {
"function": "free_watch",
"file": "kernel/watch_queue.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9d92be1a09fbb3dd65600dbfe7eedb40e7228e4b",
"digest": {
"function_hash": "313369638600437725296301508795684183997",
"length": 239.0
},
"id": "CVE-2022-49256-14f31ba9",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "kernel/watch_queue.c"
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7e8c9b0df07a77f0d072603b8ced2677e30e1893",
"digest": {
"threshold": 0.9,
"line_hashes": [
"157250318527350411482311974135296965183",
"52223220505761765810701734288128941816",
"285002072406242075875667332690023495805",
"250904878208422252973913682585705122372"
]
},
"id": "CVE-2022-49256-21ac7d2c",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "kernel/watch_queue.c"
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9d92be1a09fbb3dd65600dbfe7eedb40e7228e4b",
"digest": {
"threshold": 0.9,
"line_hashes": [
"157250318527350411482311974135296965183",
"52223220505761765810701734288128941816",
"285002072406242075875667332690023495805",
"250904878208422252973913682585705122372"
]
},
"id": "CVE-2022-49256-2e470408",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "kernel/watch_queue.c"
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f69aecb49968e14196366bbe896eab0a904229f5",
"digest": {
"threshold": 0.9,
"line_hashes": [
"157250318527350411482311974135296965183",
"52223220505761765810701734288128941816",
"285002072406242075875667332690023495805",
"250904878208422252973913682585705122372"
]
},
"id": "CVE-2022-49256-6161ec32",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "kernel/watch_queue.c"
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3d8dcf278b1ee1eff1e90be848fa2237db4c07a7",
"digest": {
"threshold": 0.9,
"line_hashes": [
"157250318527350411482311974135296965183",
"52223220505761765810701734288128941816",
"285002072406242075875667332690023495805",
"250904878208422252973913682585705122372"
]
},
"id": "CVE-2022-49256-6291df7b",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"function": "free_watch",
"file": "kernel/watch_queue.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f69aecb49968e14196366bbe896eab0a904229f5",
"digest": {
"function_hash": "313369638600437725296301508795684183997",
"length": 239.0
},
"id": "CVE-2022-49256-6fe4c569",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"function": "free_watch",
"file": "kernel/watch_queue.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3d8dcf278b1ee1eff1e90be848fa2237db4c07a7",
"digest": {
"function_hash": "313369638600437725296301508795684183997",
"length": 239.0
},
"id": "CVE-2022-49256-75170bf4",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"function": "free_watch",
"file": "kernel/watch_queue.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@31824613a42aacdcbeb325bf07a1c8247a11ebe2",
"digest": {
"function_hash": "313369638600437725296301508795684183997",
"length": 239.0
},
"id": "CVE-2022-49256-c96e1d70",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "kernel/watch_queue.c"
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@31824613a42aacdcbeb325bf07a1c8247a11ebe2",
"digest": {
"threshold": 0.9,
"line_hashes": [
"157250318527350411482311974135296965183",
"52223220505761765810701734288128941816",
"285002072406242075875667332690023495805",
"250904878208422252973913682585705122372"
]
},
"id": "CVE-2022-49256-da94fef9",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"function": "free_watch",
"file": "kernel/watch_queue.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7e8c9b0df07a77f0d072603b8ced2677e30e1893",
"digest": {
"function_hash": "313369638600437725296301508795684183997",
"length": 239.0
},
"id": "CVE-2022-49256-e0152245",
"signature_version": "v1"
}
]