CVE-2022-49890
Published: May 1, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: capabilities: fix potential memleak on error path from vfs_getxattr_alloc() In cap_inode_getsecurity(), we will use vfs_getxattr_alloc() to complete the memory allocation of tmpbuf, if we have completed the memory allocation of tmpbuf, but failed to call handler->get(...), there will be a memleak in below logic: |-- ret = (int)vfs_getxattr_alloc(mnt_userns, ...) | /* ^^^ alloc for tmpbuf */ |-- value = krealloc(*xattr_value, error + 1, flags) | /* ^^^ alloc memory */ |-- error = handler->get(handler, ...) | /* error! */ |-- *xattr_value = value | /* xattr_value is &tmpbuf (memory leak!) */ So we will try to free(tmpbuf) after vfs_getxattr_alloc() fails to fix it. [PM: subject line and backtrace tweaks]
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 8db6c34f1dbc8e06aa016a9b829b06902c3e1340 - < 6bb00eb21c0fbf18e5d3538c9ff0cf63fd0ace85affected 8db6c34f1dbc8e06aa016a9b829b06902c3e1340 - < 90577bcc01c4188416a47269f8433f70502abe98affected 8db6c34f1dbc8e06aa016a9b829b06902c3e1340 - < 0c3e6288da650d1ec911a259c77bc2d88e498603affected 8db6c34f1dbc8e06aa016a9b829b06902c3e1340 - < cdf01c807e974048c43c7fd3ca574f6086a57906affected 8db6c34f1dbc8e06aa016a9b829b06902c3e1340 - < 2de8eec8afb75792440b8900a01d52b8f6742fd1+2 more versions |
Linux | Linux | affected 4.14unaffected 0 - < 4.14unaffected 4.14.299 - <= 4.14.*unaffected 4.19.265 - <= 4.19.*unaffected 5.4.224 - <= 5.4.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now