Bug 2363448 (CVE-2022-49890) - CVE-2022-49890 kernel: capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
Status: NEW
Alias: CVE-2022-49890
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
Reported: 2025-05-01 15:05 UTC by OSIDB Bzimport
Modified: 2025-05-02 03:25 UTC

Description OSIDB Bzimport 2025-05-01 15:05:02 UTC
In the Linux kernel, the following vulnerability has been resolved:

capabilities: fix potential memleak on error path from vfs_getxattr_alloc()

In cap_inode_getsecurity(), we will use vfs_getxattr_alloc() to
complete the memory allocation of tmpbuf, if we have completed
the memory allocation of tmpbuf, but failed to call handler->get(...),
there will be a memleak in below logic:

  |-- ret = (int)vfs_getxattr_alloc(mnt_userns, ...)
    |           /* ^^^ alloc for tmpbuf */
    |-- value = krealloc(*xattr_value, error + 1, flags)
    |           /* ^^^ alloc memory */
    |-- error = handler->get(handler, ...)
    |           /* error! */
    |-- *xattr_value = value
    |           /* xattr_value is &tmpbuf (memory leak!) */

So we will try to free(tmpbuf) after vfs_getxattr_alloc() fails to fix it.

[PM: subject line and backtrace tweaks]
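
The ownership pattern in the description above, as an added user-space model (not the kernel code and not part of the original report): a callee that publishes its buffer through an out-parameter even when the read fails, and a caller with and without the free on the error path. The names `model_get`, `model_getxattr_alloc`, `model_caller`, `release` and `live_bufs` are hypothetical, and `malloc`/`free` stand in for `krealloc`/`kfree`.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

static int live_bufs;            /* outstanding buffers, a stand-in for kmemleak */

static void release(char *p) { if (p) { free(p); live_bufs--; } }

/* Hypothetical handler->get(): size query when buf is NULL, else the read. */
static int model_get(char *buf, int size, int fail_read)
{
    if (!buf)
        return 8;                /* constructed xattr length */
    if (fail_read)
        return -EIO;
    memset(buf, 'x', (size_t)size);
    return size;
}

/* Shape of the vfs_getxattr_alloc() flow from the description. */
static int model_getxattr_alloc(char **xattr_value, int fail_read)
{
    int error = model_get(NULL, 0, fail_read);
    char *value = realloc(*xattr_value, (size_t)error + 1);

    if (!value)
        return -ENOMEM;
    if (!*xattr_value)
        live_bufs++;
    error = model_get(value, error, fail_read);  /* may fail */
    *xattr_value = value;        /* published to the caller even on error */
    return error;
}

/* Caller shaped like cap_inode_getsecurity(); free_on_error selects the fix. */
static int model_caller(int fail_read, int free_on_error)
{
    char *tmpbuf = NULL;
    int ret = model_getxattr_alloc(&tmpbuf, fail_read);

    if (ret < 0 && !free_on_error)
        return ret;              /* before the fix: tmpbuf is dropped here */
    release(tmpbuf);             /* after the fix: freed on every path */
    return ret;
}
```
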

Comment 1 Avinash Hanwate 2025-05-02 03:19:12 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025050157-CVE-2022-49890-345f@gregkh/T

