CVE-2022-49803

Source
https://cve.org/CVERecord?id=CVE-2022-49803
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49803.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49803
Downstream
Published
2025-05-01T14:09:30.971Z
Modified
2026-07-07T08:38:19.191278642Z
Summary
netdevsim: Fix memory leak of nsim_dev->fa_cookie
Details

In the Linux kernel, the following vulnerability has been resolved:

netdevsim: Fix memory leak of nsimdev->facookie

kmemleak reports this issue:

unreferenced object 0xffff8881bac872d0 (size 8): comm "sh", pid 58603, jiffies 4481524462 (age 68.065s) hex dump (first 8 bytes): 04 00 00 00 de ad be ef ........ backtrace: [<00000000c80b8577>] _kmalloc+0x49/0x150 [<000000005292b8c6>] nsimdevtrapfacookiewrite+0xc1/0x210 [netdevsim] [<0000000093d78e77>] fullproxywrite+0xf3/0x180 [<000000005a662c16>] vfswrite+0x1c5/0xaf0 [<000000007aabf84a>] ksyswrite+0xed/0x1c0 [<000000005f1d2e47>] dosyscall64+0x3b/0x90 [<000000006001c6ec>] entrySYSCALL64afterhwframe+0x63/0xcd

The issue occurs in the following scenarios:

nsimdevtrapfacookiewrite() kmalloc() facookie nsimdev->facookie = facookie .. nsimdrv_remove()

The facookie allocked in nsimdevtrapfacookiewrite() is not freed. To fix, add kfree(nsimdev->facookie) to nsimdrvremove().

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49803.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d3cbb907ae57fe5da314b51d949b617b538bdeae
Fixed
7d79725a7073d86b9185f87718e22f3d65115801
Fixed
6d463ddd0107d4188229d996dcdd45c99bad8af7
Fixed
207edad5717e0a5709ce8467f0eff41c607835c9
Fixed
064bc7312bd09a48798418663090be0c776183db

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49803.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.7.0
Fixed
5.10.260
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.209
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.0.10

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49803.json"