CVE-2022-50376
18.09.2025, 14:15
In the Linux kernel, the following vulnerability has been resolved:
orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init()
When insert and remove the orangefs module, there are memory leaked
as below:
unreferenced object 0xffff88816b0cc000 (size 2048):
comm "insmod", pid 783, jiffies 4294813439 (age 65.512s)
hex dump (first 32 bytes):
6e 6f 6e 65 0a 00 00 00 00 00 00 00 00 00 00 00 none............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<0000000031ab7788>] kmalloc_trace+0x27/0xa0
[<000000005b405fee>] orangefs_debugfs_init.cold+0xaf/0x17f
[<00000000e5a0085b>] 0xffffffffa02780f9
[<000000004232d9f7>] do_one_initcall+0x87/0x2a0
[<0000000054f22384>] do_init_module+0xdf/0x320
[<000000003263bdea>] load_module+0x2f98/0x3330
[<0000000052cd4153>] __do_sys_finit_module+0x113/0x1b0
[<00000000250ae02b>] do_syscall_64+0x35/0x80
[<00000000f11c03c7>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
Use the golbal variable as the buffer rather than dynamic allocate to
slove the problem.Enginsight| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 4.6 ≤ 𝑥 < 5.4.229 |
| linux | linux_kernel | 5.5 ≤ 𝑥 < 5.10.163 |
| linux | linux_kernel | 5.11 ≤ 𝑥 < 5.15.86 |
| linux | linux_kernel | 5.16 ≤ 𝑥 < 6.0.16 |
| linux | linux_kernel | 6.1 ≤ 𝑥 < 6.1.2 |
𝑥
= Vulnerable software versions
Debian Releases
Common Weakness Enumeration
References