| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025100121-CVE-2022-50466-b59c@gregkh>
Date: Wed, 1 Oct 2025 13:45:36 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2022-50466: fs/binfmt_elf: Fix memory leak in load_elf_binary()
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
fs/binfmt_elf: Fix memory leak in load_elf_binary()
There is a memory leak reported by kmemleak:
unreferenced object 0xffff88817104ef80 (size 224):
comm "xfs_admin", pid 47165, jiffies 4298708825 (age 1333.476s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
60 a8 b3 00 81 88 ff ff a8 10 5a 00 81 88 ff ff `.........Z.....
backtrace:
[<ffffffff819171e1>] __alloc_file+0x21/0x250
[<ffffffff81918061>] alloc_empty_file+0x41/0xf0
[<ffffffff81948cda>] path_openat+0xea/0x3d30
[<ffffffff8194ec89>] do_filp_open+0x1b9/0x290
[<ffffffff8192660e>] do_open_execat+0xce/0x5b0
[<ffffffff81926b17>] open_exec+0x27/0x50
[<ffffffff81a69250>] load_elf_binary+0x510/0x3ed0
[<ffffffff81927759>] bprm_execve+0x599/0x1240
[<ffffffff8192a997>] do_execveat_common.isra.0+0x4c7/0x680
[<ffffffff8192b078>] __x64_sys_execve+0x88/0xb0
[<ffffffff83bbf0a5>] do_syscall_64+0x35/0x80
If "interp_elf_ex" fails to allocate memory in load_elf_binary(),
the program will take the "out_free_ph" error handing path,
resulting in "interpreter" file resource is not released.
Fix it by adding an error handing path "out_free_file", which will
release the file resource when "interp_elf_ex" failed to allocate
memory.
The Linux kernel CVE team has assigned CVE-2022-50466 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.7 with commit 0693ffebcfe5ac7b31f63ad54587007f7d96fb7b and fixed in 5.10.153 with commit 706215300411d48db6b51a5832b872632a84bbc1
Issue introduced in 5.7 with commit 0693ffebcfe5ac7b31f63ad54587007f7d96fb7b and fixed in 5.15.77 with commit 265b6fb780f57d10449a40e94219b28fa52479cc
Issue introduced in 5.7 with commit 0693ffebcfe5ac7b31f63ad54587007f7d96fb7b and fixed in 6.0.7 with commit acd9b4914f1c5928c7ae8ebc623d6291eb1a573a
Issue introduced in 5.7 with commit 0693ffebcfe5ac7b31f63ad54587007f7d96fb7b and fixed in 6.1 with commit 594d2a14f2168c09b13b114c3d457aa939403e52
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2022-50466
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
fs/binfmt_elf.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/706215300411d48db6b51a5832b872632a84bbc1
https://git.kernel.org/stable/c/265b6fb780f57d10449a40e94219b28fa52479cc
https://git.kernel.org/stable/c/acd9b4914f1c5928c7ae8ebc623d6291eb1a573a
https://git.kernel.org/stable/c/594d2a14f2168c09b13b114c3d457aa939403e52
Powered by blists - more mailing lists