ghsa-3r6g-ffrp-58wf
Vulnerability from github
Published
2025-10-01 12:30
Modified
2025-10-01 12:30
Details

In the Linux kernel, the following vulnerability has been resolved:

fs/binfmt_elf: Fix memory leak in load_elf_binary()

There is a memory leak reported by kmemleak:

unreferenced object 0xffff88817104ef80 (size 224): comm "xfs_admin", pid 47165, jiffies 4298708825 (age 1333.476s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 60 a8 b3 00 81 88 ff ff a8 10 5a 00 81 88 ff ff `.........Z..... backtrace: [] __alloc_file+0x21/0x250 [] alloc_empty_file+0x41/0xf0 [] path_openat+0xea/0x3d30 [] do_filp_open+0x1b9/0x290 [] do_open_execat+0xce/0x5b0 [] open_exec+0x27/0x50 [] load_elf_binary+0x510/0x3ed0 [] bprm_execve+0x599/0x1240 [] do_execveat_common.isra.0+0x4c7/0x680 [] __x64_sys_execve+0x88/0xb0 [] do_syscall_64+0x35/0x80

If "interp_elf_ex" fails to allocate memory in load_elf_binary(), the program will take the "out_free_ph" error handing path, resulting in "interpreter" file resource is not released.

Fix it by adding an error handing path "out_free_file", which will release the file resource when "interp_elf_ex" failed to allocate memory.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2022-50466"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-01T12:15:40Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/binfmt_elf: Fix memory leak in load_elf_binary()\n\nThere is a memory leak reported by kmemleak:\n\n  unreferenced object 0xffff88817104ef80 (size 224):\n    comm \"xfs_admin\", pid 47165, jiffies 4298708825 (age 1333.476s)\n    hex dump (first 32 bytes):\n      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n      60 a8 b3 00 81 88 ff ff a8 10 5a 00 81 88 ff ff  `.........Z.....\n    backtrace:\n      [\u003cffffffff819171e1\u003e] __alloc_file+0x21/0x250\n      [\u003cffffffff81918061\u003e] alloc_empty_file+0x41/0xf0\n      [\u003cffffffff81948cda\u003e] path_openat+0xea/0x3d30\n      [\u003cffffffff8194ec89\u003e] do_filp_open+0x1b9/0x290\n      [\u003cffffffff8192660e\u003e] do_open_execat+0xce/0x5b0\n      [\u003cffffffff81926b17\u003e] open_exec+0x27/0x50\n      [\u003cffffffff81a69250\u003e] load_elf_binary+0x510/0x3ed0\n      [\u003cffffffff81927759\u003e] bprm_execve+0x599/0x1240\n      [\u003cffffffff8192a997\u003e] do_execveat_common.isra.0+0x4c7/0x680\n      [\u003cffffffff8192b078\u003e] __x64_sys_execve+0x88/0xb0\n      [\u003cffffffff83bbf0a5\u003e] do_syscall_64+0x35/0x80\n\nIf \"interp_elf_ex\" fails to allocate memory in load_elf_binary(),\nthe program will take the \"out_free_ph\" error handing path,\nresulting in \"interpreter\" file resource is not released.\n\nFix it by adding an error handing path \"out_free_file\", which will\nrelease the file resource when \"interp_elf_ex\" failed to allocate\nmemory.",
  "id": "GHSA-3r6g-ffrp-58wf",
  "modified": "2025-10-01T12:30:29Z",
  "published": "2025-10-01T12:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50466"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/265b6fb780f57d10449a40e94219b28fa52479cc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/594d2a14f2168c09b13b114c3d457aa939403e52"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/706215300411d48db6b51a5832b872632a84bbc1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/acd9b4914f1c5928c7ae8ebc623d6291eb1a573a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.