ghsa-22jx-v9jm-qjqq
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
drm/vkms: Fix memory leak in vkms_init()
A memory leak was reported after the vkms module install failed.
unreferenced object 0xffff88810bc28520 (size 16): comm "modprobe", pid 9662, jiffies 4298009455 (age 42.590s) hex dump (first 16 bytes): 01 01 00 64 81 88 ff ff 00 00 dc 0a 81 88 ff ff ...d............ backtrace: [<00000000e7561ff8>] kmalloc_trace+0x27/0x60 [<000000000b1954a0>] 0xffffffffc45200a9 [<00000000abbf1da0>] do_one_initcall+0xd0/0x4f0 [<000000001505ee87>] do_init_module+0x1a4/0x680 [<00000000958079ad>] load_module+0x6249/0x7110 [<00000000117e4696>] __do_sys_finit_module+0x140/0x200 [<00000000f74b12d2>] do_syscall_64+0x35/0x80 [<000000008fc6fcde>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
The reason is that the vkms_init() returns without checking the return value of vkms_create(), and if the vkms_create() failed, the config allocated at the beginning of vkms_init() is leaked.
vkms_init() config = kmalloc(...) # config allocated ... return vkms_create() # vkms_create failed and config is leaked
Fix this problem by checking return value of vkms_create() and free the config if error happened.
{
"affected": [],
"aliases": [
"CVE-2022-50269"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T15:15:37Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vkms: Fix memory leak in vkms_init()\n\nA memory leak was reported after the vkms module install failed.\n\nunreferenced object 0xffff88810bc28520 (size 16):\n comm \"modprobe\", pid 9662, jiffies 4298009455 (age 42.590s)\n hex dump (first 16 bytes):\n 01 01 00 64 81 88 ff ff 00 00 dc 0a 81 88 ff ff ...d............\n backtrace:\n [\u003c00000000e7561ff8\u003e] kmalloc_trace+0x27/0x60\n [\u003c000000000b1954a0\u003e] 0xffffffffc45200a9\n [\u003c00000000abbf1da0\u003e] do_one_initcall+0xd0/0x4f0\n [\u003c000000001505ee87\u003e] do_init_module+0x1a4/0x680\n [\u003c00000000958079ad\u003e] load_module+0x6249/0x7110\n [\u003c00000000117e4696\u003e] __do_sys_finit_module+0x140/0x200\n [\u003c00000000f74b12d2\u003e] do_syscall_64+0x35/0x80\n [\u003c000000008fc6fcde\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThe reason is that the vkms_init() returns without checking the return\nvalue of vkms_create(), and if the vkms_create() failed, the config\nallocated at the beginning of vkms_init() is leaked.\n\n vkms_init()\n config = kmalloc(...) # config allocated\n ...\n return vkms_create() # vkms_create failed and config is leaked\n\nFix this problem by checking return value of vkms_create() and free the\nconfig if error happened.",
"id": "GHSA-22jx-v9jm-qjqq",
"modified": "2025-09-15T15:31:25Z",
"published": "2025-09-15T15:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50269"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/07ab77154d6fd2d67e465ab5ce30083709950f02"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0d0b368b9d104b437e1f4850ae94bdb9a3601e89"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bad13de764888b765ceaa4668893b52bd16653cc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bebd60ec3bf21062f103e32e6203c6daabdbd51b"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.