ghsa-h9qx-33jg-gh24
Vulnerability from github
Published: 2025-10-22 15:31
Modified: 2025-10-22 15:31
Details

In the Linux kernel, the following vulnerability has been resolved:

xfrm: Update ipcomp_scratches with NULL when freed

Currently, if ipcomp_alloc_scratches() fails to allocate memory, ipcomp_scratches holds an obsolete address. So when we try to free the percpu scratches using ipcomp_free_scratches(), it tries to vfree a non-existent vm area. Described below:

    static void * __percpu *ipcomp_alloc_scratches(void)
    {
            ...
            scratches = alloc_percpu(void *);
            if (!scratches)
                    return NULL;
            /* ipcomp_scratches does not know about this allocation failure.
             * Therefore holding the old obsolete address. */
            ...
    }

So when we free,

    static void ipcomp_free_scratches(void)
    {
            ...
            scratches = ipcomp_scratches;
            /* Assigning obsolete address from ipcomp_scratches */

            if (!scratches)
                    return;

            for_each_possible_cpu(i)
                   vfree(*per_cpu_ptr(scratches, i));
            /* Trying to free non existent page, causing warning: trying to vfree
             * existent vm area. */
            ...
    }

Fix this breakage by updating ipcomp_scratches with NULL when scratches is freed.
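
The failure sequence described above, modelled in userspace C as an added example (not the kernel's code and not part of the advisory). The names `area`, `model_alloc`, `model_free` and `run_sequence` are hypothetical, and the call order (successful allocation, free, failed allocation, free) is an assumption about how the two functions are reached.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins: 'area' models the percpu scratch area,
 * 'global_scratches' models the global ipcomp_scratches pointer. */
struct area { bool live; };
static struct area backing;             /* constructed backing store */
static struct area *global_scratches;
static int bad_frees;                   /* frees of an area that is not live */

static struct area *model_alloc(bool fail)
{
    if (fail)
        return NULL;        /* failure path: the global keeps its old value */
    backing.live = true;
    global_scratches = &backing;
    return global_scratches;
}

static void model_free(bool fixed)
{
    struct area *scratches = global_scratches;

    if (!scratches)
        return;
    if (!scratches->live)
        bad_frees++;        /* the kernel would warn in vfree() here */
    scratches->live = false;
    if (fixed)
        global_scratches = NULL;    /* the fix: forget the freed address */
}

/* Assumed order: alloc succeeds, free, alloc fails, error path frees again.
 * Returns how many frees hit an area that was already released. */
int run_sequence(bool fixed)
{
    bad_frees = 0;
    global_scratches = NULL;
    backing.live = false;
    model_alloc(false);
    model_free(fixed);
    model_alloc(true);
    model_free(fixed);
    return bad_frees;
}

int main(void)
{
    printf("unfixed: %d stale free(s), fixed: %d\n",
           run_sequence(false), run_sequence(true));
    return 0;
}
```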


{
  "affected": [],
  "aliases": [
    "CVE-2022-50569"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-22T14:15:41Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Update ipcomp_scratches with NULL when freed\n\nCurrently if ipcomp_alloc_scratches() fails to allocate memory\nipcomp_scratches holds obsolete address. So when we try to free the\npercpu scratches using ipcomp_free_scratches() it tries to vfree non\nexistent vm area. Described below:\n\nstatic void * __percpu *ipcomp_alloc_scratches(void)\n{\n        ...\n        scratches = alloc_percpu(void *);\n        if (!scratches)\n                return NULL;\nipcomp_scratches does not know about this allocation failure.\nTherefore holding the old obsolete address.\n        ...\n}\n\nSo when we free,\n\nstatic void ipcomp_free_scratches(void)\n{\n        ...\n        scratches = ipcomp_scratches;\nAssigning obsolete address from ipcomp_scratches\n\n        if (!scratches)\n                return;\n\n        for_each_possible_cpu(i)\n               vfree(*per_cpu_ptr(scratches, i));\nTrying to free non existent page, causing warning: trying to vfree\nexistent vm area.\n        ...\n}\n\nFix this breakage by updating ipcomp_scrtches with NULL when scratches\nis freed",
  "id": "GHSA-h9qx-33jg-gh24",
  "modified": "2025-10-22T15:31:09Z",
  "published": "2025-10-22T15:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50569"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/03155680191ef0f004b1d6a5714c5b8cd271ab61"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/18373ed500f7cd53e24d9b0bd0f1c09d78dba87e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1e8abde895b3ac6a368cbdb372e8800c49e73a28"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2c19945ce8095d065df550e7fe350cd5cc40c6e6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8a04d2fc700f717104bfb95b0f6694e448a4537f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a39f456d62810c0efb43cead22f98d95b53e4b1a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/be81c44242b20fc3bdcc73480ef8aaee56f5d0b6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/debca61df6bc2f65e020656c9c5b878d6b38d30f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f3bdba4440d82e0da2b1bfc35d3836c8a8e00677"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

