fkie_cve-2022-50569
Vulnerability from fkie_nvd
Published
2025-10-22 14:15
Modified
2025-10-22 21:12
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: xfrm: Update ipcomp_scratches with NULL when freed Currently if ipcomp_alloc_scratches() fails to allocate memory ipcomp_scratches holds obsolete address. So when we try to free the percpu scratches using ipcomp_free_scratches() it tries to vfree non existent vm area. Described below: static void * __percpu *ipcomp_alloc_scratches(void) { ... scratches = alloc_percpu(void *); if (!scratches) return NULL; ipcomp_scratches does not know about this allocation failure. Therefore holding the old obsolete address. ... } So when we free, static void ipcomp_free_scratches(void) { ... scratches = ipcomp_scratches; Assigning obsolete address from ipcomp_scratches if (!scratches) return; for_each_possible_cpu(i) vfree(*per_cpu_ptr(scratches, i)); Trying to free non existent page, causing warning: trying to vfree existent vm area. ... } Fix this breakage by updating ipcomp_scrtches with NULL when scratches is freed
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/03155680191ef0f004b1d6a5714c5b8cd271ab61
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/18373ed500f7cd53e24d9b0bd0f1c09d78dba87e
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1e8abde895b3ac6a368cbdb372e8800c49e73a28
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2c19945ce8095d065df550e7fe350cd5cc40c6e6
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8a04d2fc700f717104bfb95b0f6694e448a4537f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a39f456d62810c0efb43cead22f98d95b53e4b1a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/be81c44242b20fc3bdcc73480ef8aaee56f5d0b6
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/debca61df6bc2f65e020656c9c5b878d6b38d30f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f3bdba4440d82e0da2b1bfc35d3836c8a8e00677
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Update ipcomp_scratches with NULL when freed\n\nCurrently if ipcomp_alloc_scratches() fails to allocate memory\nipcomp_scratches holds obsolete address. So when we try to free the\npercpu scratches using ipcomp_free_scratches() it tries to vfree non\nexistent vm area. Described below:\n\nstatic void * __percpu *ipcomp_alloc_scratches(void)\n{\n        ...\n        scratches = alloc_percpu(void *);\n        if (!scratches)\n                return NULL;\nipcomp_scratches does not know about this allocation failure.\nTherefore holding the old obsolete address.\n        ...\n}\n\nSo when we free,\n\nstatic void ipcomp_free_scratches(void)\n{\n        ...\n        scratches = ipcomp_scratches;\nAssigning obsolete address from ipcomp_scratches\n\n        if (!scratches)\n                return;\n\n        for_each_possible_cpu(i)\n               vfree(*per_cpu_ptr(scratches, i));\nTrying to free non existent page, causing warning: trying to vfree\nexistent vm area.\n        ...\n}\n\nFix this breakage by updating ipcomp_scrtches with NULL when scratches\nis freed"
    }
  ],
  "id": "CVE-2022-50569",
  "lastModified": "2025-10-22T21:12:48.953",
  "metrics": {},
  "published": "2025-10-22T14:15:41.780",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/03155680191ef0f004b1d6a5714c5b8cd271ab61"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/18373ed500f7cd53e24d9b0bd0f1c09d78dba87e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/1e8abde895b3ac6a368cbdb372e8800c49e73a28"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/2c19945ce8095d065df550e7fe350cd5cc40c6e6"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/8a04d2fc700f717104bfb95b0f6694e448a4537f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a39f456d62810c0efb43cead22f98d95b53e4b1a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/be81c44242b20fc3bdcc73480ef8aaee56f5d0b6"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/debca61df6bc2f65e020656c9c5b878d6b38d30f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f3bdba4440d82e0da2b1bfc35d3836c8a8e00677"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.