In the Linux kernel, the following vulnerability has been resolved:

bpf, verifier: Fix memory leak in array reallocation for stack state

If an error (NULL) is returned by krealloc(), callers of realloc_array() were setting their allocation pointers to NULL, but on error krealloc() does not touch the original allocation. This would result in a memory resource leak. Instead, free the old allocation on the error handling path.

The memory leak information is as follows as also reported by Zhengchao:

    unreferenced object 0xffff888019801800 (size 256):
      comm "bpfrepo", pid 6490, jiffies 4294959200 (age 17.170s)
      hex dump (first 32 bytes):
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
      backtrace:
        [<00000000b211474b>] __kmalloc_node_track_caller+0x45/0xc0
        [<0000000086712a0b>] krealloc+0x83/0xd0
        [<00000000139aab02>] realloc_array+0x82/0xe2
        [<00000000b1ca41d1>] grow_stack_state+0xfb/0x186
        [<00000000cd6f36d2>] check_mem_access.cold+0x141/0x1341
        [<0000000081780455>] do_check_common+0x5358/0xb350
        [<0000000015f6b091>] bpf_check.cold+0xc3/0x29d
        [<000000002973c690>] bpf_prog_load+0x13db/0x2240
        [<00000000028d1644>] __sys_bpf+0x1605/0x4ce0
        [<00000000053f29bd>] __x64_sys_bpf+0x75/0xb0
        [<0000000056fedaf5>] do_syscall_64+0x35/0x80
        [<000000002bd58261>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
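
A userspace analogue of the leak and of the fix described above, added here as an illustration; it is not the kernel's code. `sim_krealloc`, `sim_kfree`, `grow_leaky`, `grow_fixed` and the allocation counter are hypothetical stand-ins for `krealloc()`, `kfree()` and `realloc_array()`.

```c
#include <stdio.h>
#include <stdlib.h>

static int live_allocs;   /* outstanding allocations (toy leak tracker) */
static int fail_next;     /* when set, the next resize fails like an OOM krealloc() */

/* Stand-in for krealloc(): on failure it returns NULL and leaves `p` allocated. */
static void *sim_krealloc(void *p, size_t n)
{
    void *q = fail_next ? NULL : realloc(p, n);
    fail_next = 0;
    if (q && !p) live_allocs++;   /* a fresh allocation, not a resize */
    return q;
}

static void sim_kfree(void *p) { if (p) { free(p); live_allocs--; } }

/* Pre-fix shape: failure is reported as NULL while the old array stays allocated. */
static void *grow_leaky(void *arr, size_t n, size_t size)
{
    return sim_krealloc(arr, n * size);
}

/* Post-fix shape: free the old array on the error path before returning NULL. */
static void *grow_fixed(void *arr, size_t n, size_t size)
{
    void *new_arr = sim_krealloc(arr, n * size);
    if (!new_arr) { sim_kfree(arr); return NULL; }
    return new_arr;
}

/* Caller pattern from the description: ptr = grow(ptr, ...). Returns leaked count. */
static int leaked_after_failed_grow(void *(*grow)(void *, size_t, size_t))
{
    void *stack;
    live_allocs = 0;
    stack = grow(NULL, 4, 8);   /* initial allocation succeeds */
    fail_next = 1;              /* force the next resize to fail */
    stack = grow(stack, 8, 8);  /* caller's only pointer is overwritten with NULL */
    sim_kfree(stack);           /* error cleanup sees NULL and frees nothing */
    return live_allocs;
}

int main(void)
{
    printf("leaky: %d outstanding\n", leaked_after_failed_grow(grow_leaky));
    printf("fixed: %d outstanding\n", leaked_after_failed_grow(grow_fixed));
    return 0;
}
```

The leaky variant ends with one unreachable allocation, which is the condition kmemleak reports as an unreferenced object in the trace above; the fixed variant ends with none.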