DEBIAN-CVE-2022-50372
- Source
- https://security-tracker.debian.org/tracker/CVE-2022-50372
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50372.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-50372
- Upstream
- Published
- 2025-09-17T15:15:36Z
- Modified
- 2025-09-19T06:27:48Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory leak when build ntlmssp negotiate blob failed There is a memory leak when mount cifs: unreferenced object 0xffff888166059600 (size 448): comm "mount.cifs", pid 51391, jiffies 4295596373 (age 330.596s) hex dump (first 32 bytes): fe 53 4d 42 40 00 00 00 00 00 00 00 01 00 82 00 .SMB@........... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000060609a61>] mempoolalloc+0xe1/0x260 [<00000000adfa6c63>] cifssmallbufget+0x24/0x60 [<00000000ebb404c7>] _smb2plainreqinit+0x32/0x460 [<00000000bcf875b4>] SMB2sessallocbuffer+0xa4/0x3f0 [<00000000753a2987>] SMB2sessauthrawntlmsspnegotiate+0xf5/0x480 [<00000000f0c1f4f9>] SMB2sesssetup+0x253/0x410 [<00000000a8b83303>] cifssetupsession+0x18f/0x4c0 [<00000000854bd16d>] cifsgetsmbses+0xae7/0x13c0 [<000000006cbc43d9>] mountgetconns+0x7a/0x730 [<000000005922d816>] cifsmount+0x103/0xd10 [<00000000e33def3b>] cifssmb3domount+0x1dd/0xc90 [<0000000078034979>] smb3gettree+0x1d5/0x300 [<000000004371f980>] vfsgettree+0x41/0xf0 [<00000000b670d8a7>] pathmount+0x9b3/0xdd0 [<000000005e839a7d>] _x64sysmount+0x190/0x1d0 [<000000009404c3b9>] dosyscall64+0x35/0x80 When build ntlmssp negotiate blob failed, the session setup request should be freed.
- References
Affected packages
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source