CVE-2022-49890
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49890
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49890.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-49890
- Downstream
- Related
- Published
- 2025-05-01T15:16:14Z
- Modified
- 2025-08-09T20:01:26Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
capabilities: fix potential memleak on error path from vfsgetxattralloc()
In capinodegetsecurity(), we will use vfsgetxattralloc() to complete the memory allocation of tmpbuf, if we have completed the memory allocation of tmpbuf, but failed to call handler->get(...), there will be a memleak in below logic:
|-- ret = (int)vfsgetxattralloc(mntuserns, ...) | /* ^^^ alloc for tmpbuf */ |-- value = krealloc(*xattrvalue, error + 1, flags) | /* ^^^ alloc memory / |-- error = handler->get(handler, ...) | / error! / |-- *xattr_value = value | / xattr_value is &tmpbuf (memory leak!) */
So we will try to free(tmpbuf) after vfsgetxattralloc() fails to fix it.
[PM: subject line and backtrace tweaks]
- References
-
- https://git.kernel.org/stable/c/0c3e6288da650d1ec911a259c77bc2d88e498603
- https://git.kernel.org/stable/c/2de8eec8afb75792440b8900a01d52b8f6742fd1
- https://git.kernel.org/stable/c/6bb00eb21c0fbf18e5d3538c9ff0cf63fd0ace85
- https://git.kernel.org/stable/c/7480aeff0093d8c54377553ec6b31110bea37b4d
- https://git.kernel.org/stable/c/8cf0a1bc12870d148ae830a4ba88cfdf0e879cee
- https://git.kernel.org/stable/c/90577bcc01c4188416a47269f8433f70502abe98
- https://git.kernel.org/stable/c/cdf01c807e974048c43c7fd3ca574f6086a57906