CVE-2022-50751

Source
https://cve.org/CVERecord?id=CVE-2022-50751
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50751.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-50751
Published
2025-12-24T13:05:46.159Z
Modified
2026-03-20T12:22:38.371398Z
Summary
configfs: fix possible memory leak in configfs_create_dir()
Details

In the Linux kernel, the following vulnerability has been resolved:

configfs: fix possible memory leak in configfs_create_dir()

kmemleak reported memory leaks in configfs_create_dir():

unreferenced object 0xffff888009f6af00 (size 192):
  comm "modprobe", pid 3777, jiffies 4295537735 (age 233.784s)
  backtrace:
    kmem_cache_alloc (mm/slub.c:3250 mm/slub.c:3256 mm/slub.c:3263 mm/slub.c:3273)
    new_fragment (./include/linux/slab.h:600 fs/configfs/dir.c:163)
    configfs_register_subsystem (fs/configfs/dir.c:1857)
    basic_write (drivers/hwtracing/stm/p_basic.c:14) stm_p_basic
    do_one_initcall (init/main.c:1296)
    do_init_module (kernel/module/main.c:2455)
    ...

unreferenced object 0xffff888003ba7180 (size 96):
  comm "modprobe", pid 3777, jiffies 4295537735 (age 233.784s)
  backtrace:
    kmem_cache_alloc (mm/slub.c:3250 mm/slub.c:3256 mm/slub.c:3263 mm/slub.c:3273)
    configfs_new_dirent (./include/linux/slab.h:723 fs/configfs/dir.c:194)
    configfs_make_dirent (fs/configfs/dir.c:248)
    configfs_create_dir (fs/configfs/dir.c:296)
    configfs_attach_group.isra.28 (fs/configfs/dir.c:816 fs/configfs/dir.c:852)
    configfs_register_subsystem (fs/configfs/dir.c:1881)
    basic_write (drivers/hwtracing/stm/p_basic.c:14) stm_p_basic
    do_one_initcall (init/main.c:1296)
    do_init_module (kernel/module/main.c:2455)
    ...

This is because the refcount is not correct in configfs_make_dirent(). For normal stage, the refcount is changing as:

configfs_register_subsystem()
  configfs_create_dir()
    configfs_make_dirent()
      configfs_new_dirent() # set s_count = 1
      dentry->d_fsdata = configfs_get(sd); # s_count = 2
...
configfs_unregister_subsystem()
  configfs_remove_dir()
    remove_dir()
      configfs_remove_dirent() # s_count = 1
    dput() ...
      dentry_unlink_inode()
        configfs_d_iput() # s_count = 0, release

However, if we failed in configfs_create():

configfs_register_subsystem()
  configfs_create_dir()
    configfs_make_dirent() # s_count = 2
    ...
    configfs_create() # fail
    ->out_remove:
    configfs_remove_dirent(dentry)
      configfs_put(sd) # s_count = 1
    return PTR_ERR(inode);

There is no inode in the error path, so the configfs_d_iput() is lost and makes sd and fragment memory leaked.

To fix this, when we failed in configfs_create(), manually call configfs_put(sd) to keep the refcount correct.
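
The reference-count sequences described above, as an added user-space model that is not kernel code and not part of the original commit. The names sd_model, sd_get, sd_put, make_dirent, normal_path and create_failure_path are hypothetical stand-ins for the kernel's dirent and its get/put helpers.

```c
#include <stdio.h>

/* User-space stand-in for the s_count field of the configfs dirent (sd). */
struct sd_model { int s_count; int released; };

static void sd_get(struct sd_model *sd) { sd->s_count++; }

static void sd_put(struct sd_model *sd)
{
    if (--sd->s_count == 0)
        sd->released = 1;   /* where the kernel would free sd and its fragment */
}

/* Steps shared by both paths: what configfs_make_dirent() does to s_count. */
static void make_dirent(struct sd_model *sd)
{
    sd->s_count = 1;        /* configfs_new_dirent(): s_count = 1 */
    sd->released = 0;
    sd_get(sd);             /* dentry->d_fsdata = configfs_get(sd): s_count = 2 */
}

/* Normal life cycle: register, then unregister. Returns 1 if sd was released. */
static int normal_path(void)
{
    struct sd_model sd;
    make_dirent(&sd);
    sd_put(&sd);            /* configfs_remove_dirent(): s_count = 1 */
    sd_put(&sd);            /* configfs_d_iput() reached via dput(): s_count = 0 */
    return sd.released;
}

/* configfs_create() fails: no inode exists, so configfs_d_iput() never runs.
 * with_fix adds the manual configfs_put(sd). Returns 1 if sd was released. */
static int create_failure_path(int with_fix)
{
    struct sd_model sd;
    make_dirent(&sd);
    sd_put(&sd);            /* out_remove: configfs_remove_dirent(): s_count = 1 */
    if (with_fix)
        sd_put(&sd);        /* the extra put from the fix: s_count = 0 */
    return sd.released;
}

int main(void)
{
    printf("normal=%d unfixed=%d fixed=%d\n",
           normal_path(), create_failure_path(0), create_failure_path(1));
    return 0;
}
```

A return of 0 from create_failure_path(0) corresponds to the two unreferenced objects kmemleak reported: the dirent and its fragment stay allocated with one reference that nothing will ever drop.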

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50751.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7063fbf2261194f72ee75afca67b3b38b554b5fa
Fixed
90c38f57a821499391526b15cc944c265bd24e48
Fixed
74ac7c9ee2d486c501e7864c903f5098fc477acd
Fixed
07f82dca112262b169bec0001378126439cab776
Fixed
8bc77754224a2c8581727ffe2e958119b4e27c8f
Fixed
c72eb6e6e49a71f7598740786568fafdd013a227
Fixed
c65234b283a65cfbfc94619655e820a5e55199eb

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50751.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.16
Fixed
5.4.229
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.163
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.86
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.0.16
Type
ECOSYSTEM
Events
Introduced
6.1.0
Fixed
6.1.2

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50751.json"