2425093 – (CVE-2022-50779) CVE-2022-50779 kernel: orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()

Bug 2425093 (CVE-2022-50779) - CVE-2022-50779 kernel: orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()

Summary: CVE-2022-50779 kernel: orangefs: Fix kmemleak in orangefs_prepare_debugfs_hel...

Keywords:
Status:	NEW
Alias:	CVE-2022-50779
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-12-24 14:02 UTC by OSIDB Bzimport
Modified:	2025-12-25 03:15 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-12-24 14:02:17 UTC

In the Linux kernel, the following vulnerability has been resolved:

orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()

When insert and remove the orangefs module, then debug_help_string will
be leaked:

  unreferenced object 0xffff8881652ba000 (size 4096):
    comm "insmod", pid 1701, jiffies 4294893639 (age 13218.530s)
    hex dump (first 32 bytes):
      43 6c 69 65 6e 74 20 44 65 62 75 67 20 4b 65 79  Client Debug Key
      77 6f 72 64 73 20 61 72 65 20 75 6e 6b 6e 6f 77  words are unknow
    backtrace:
      [<0000000004e6f8e3>] kmalloc_trace+0x27/0xa0
      [<0000000006f75d85>] orangefs_prepare_debugfs_help_string+0x5e/0x480 [orangefs]
      [<0000000091270a2a>] _sub_I_65535_1+0x57/0xf70 [crc_itu_t]
      [<000000004b1ee1a3>] do_one_initcall+0x87/0x2a0
      [<000000001d0614ae>] do_init_module+0xdf/0x320
      [<00000000efef068c>] load_module+0x2f98/0x3330
      [<000000006533b44d>] __do_sys_finit_module+0x113/0x1b0
      [<00000000a0da6f99>] do_syscall_64+0x35/0x80
      [<000000007790b19b>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

When remove the module, should always free debug_help_string. Should
always free the allocated buffer when change the free_debug_help_string.

Comment 1 Alexander B 2025-12-25 03:11:11 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025122401-CVE-2022-50779-fa1d@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.