CVE-2022-49890
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49890
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49890.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-49890
- Downstream
- Related
- Published
- 2025-05-01T14:10:34.481Z
- Modified
- 2025-11-27T02:32:57.476216Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
capabilities: fix potential memleak on error path from vfsgetxattralloc()
In capinodegetsecurity(), we will use vfsgetxattralloc() to complete the memory allocation of tmpbuf, if we have completed the memory allocation of tmpbuf, but failed to call handler->get(...), there will be a memleak in below logic:
|-- ret = (int)vfsgetxattralloc(mntuserns, ...) | /* ^^^ alloc for tmpbuf */ |-- value = krealloc(*xattrvalue, error + 1, flags) | /* ^^^ alloc memory / |-- error = handler->get(handler, ...) | / error! / |-- *xattr_value = value | / xattr_value is &tmpbuf (memory leak!) */
So we will try to free(tmpbuf) after vfsgetxattralloc() fails to fix it.
[PM: subject line and backtrace tweaks]
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/blob/cc431b3424123d84bcd7afd4de150b33f117a8ef/cves/2022/49xxx/CVE-2022-49890.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0c3e6288da650d1ec911a259c77bc2d88e498603
- https://git.kernel.org/stable/c/2de8eec8afb75792440b8900a01d52b8f6742fd1
- https://git.kernel.org/stable/c/6bb00eb21c0fbf18e5d3538c9ff0cf63fd0ace85
- https://git.kernel.org/stable/c/7480aeff0093d8c54377553ec6b31110bea37b4d
- https://git.kernel.org/stable/c/8cf0a1bc12870d148ae830a4ba88cfdf0e879cee
- https://git.kernel.org/stable/c/90577bcc01c4188416a47269f8433f70502abe98
- https://git.kernel.org/stable/c/cdf01c807e974048c43c7fd3ca574f6086a57906
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8db6c34f1dbc8e06aa016a9b829b06902c3e1340Fixed6bb00eb21c0fbf18e5d3538c9ff0cf63fd0ace85
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8db6c34f1dbc8e06aa016a9b829b06902c3e1340Fixed90577bcc01c4188416a47269f8433f70502abe98
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8db6c34f1dbc8e06aa016a9b829b06902c3e1340Fixed0c3e6288da650d1ec911a259c77bc2d88e498603
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8db6c34f1dbc8e06aa016a9b829b06902c3e1340Fixedcdf01c807e974048c43c7fd3ca574f6086a57906
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8db6c34f1dbc8e06aa016a9b829b06902c3e1340Fixed2de8eec8afb75792440b8900a01d52b8f6742fd1
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8db6c34f1dbc8e06aa016a9b829b06902c3e1340Fixed7480aeff0093d8c54377553ec6b31110bea37b4d
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8db6c34f1dbc8e06aa016a9b829b06902c3e1340Fixed8cf0a1bc12870d148ae830a4ba88cfdf0e879cee
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced4.14.0Fixed4.14.299
- Type
- ECOSYSTEM
- Events
-
Introduced4.15.0Fixed4.19.265
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.224
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.154
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.78
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.0.8