{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49800", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-05-01T14:05:17.225Z", "datePublished": "2025-05-01T14:09:29.042Z", "dateUpdated": "2025-05-04T08:45:37.373Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:45:37.373Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event()\n\ntest_gen_synth_cmd() only free buf in fail path, hence buf will leak\nwhen there is no failure. Add kfree(buf) to prevent the memleak. The\nsame reason and solution in test_empty_synth_event().\n\nunreferenced object 0xffff8881127de000 (size 2048):\n comm \"modprobe\", pid 247, jiffies 4294972316 (age 78.756s)\n hex dump (first 32 bytes):\n 20 67 65 6e 5f 73 79 6e 74 68 5f 74 65 73 74 20 gen_synth_test\n 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 64 5f pid_t next_pid_\n backtrace:\n [<000000004254801a>] kmalloc_trace+0x26/0x100\n [<0000000039eb1cf5>] 0xffffffffa00083cd\n [<000000000e8c3bc8>] 0xffffffffa00086ba\n [<00000000c293d1ea>] do_one_initcall+0xdb/0x480\n [<00000000aa189e6d>] do_init_module+0x1cf/0x680\n [<00000000d513222b>] load_module+0x6a50/0x70a0\n [<000000001fd4d529>] __do_sys_finit_module+0x12f/0x1c0\n [<00000000b36c4c0f>] do_syscall_64+0x3f/0x90\n [<00000000bbf20cf3>] entry_SYSCALL_64_after_hwframe+0x63/0xcd\nunreferenced object 0xffff8881127df000 (size 2048):\n comm \"modprobe\", pid 247, jiffies 4294972324 (age 78.728s)\n hex dump (first 32 bytes):\n 20 65 6d 70 74 79 5f 73 79 6e 74 68 5f 74 65 73 empty_synth_tes\n 74 20 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 t pid_t next_pi\n backtrace:\n [<000000004254801a>] kmalloc_trace+0x26/0x100\n [<00000000d4db9a3d>] 0xffffffffa0008071\n [<00000000c31354a5>] 0xffffffffa00086ce\n [<00000000c293d1ea>] do_one_initcall+0xdb/0x480\n [<00000000aa189e6d>] do_init_module+0x1cf/0x680\n [<00000000d513222b>] load_module+0x6a50/0x70a0\n [<000000001fd4d529>] __do_sys_finit_module+0x12f/0x1c0\n [<00000000b36c4c0f>] do_syscall_64+0x3f/0x90\n [<00000000bbf20cf3>] entry_SYSCALL_64_after_hwframe+0x63/0xcd"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/trace/synth_event_gen_test.c"], "versions": [{"version": "9fe41efaca08416657efa8731c0d47ccb6a3f3eb", "lessThan": "65ba7e7c241122ef0a9e61d1920f2ae9689aa796", "status": "affected", "versionType": "git"}, {"version": "9fe41efaca08416657efa8731c0d47ccb6a3f3eb", "lessThan": "07ba4f0603aba288580866394f2916dfe55823a2", "status": "affected", "versionType": "git"}, {"version": "9fe41efaca08416657efa8731c0d47ccb6a3f3eb", "lessThan": "0e5baaa181a052d968701bb9c5b1d55847f00942", "status": "affected", "versionType": "git"}, {"version": "9fe41efaca08416657efa8731c0d47ccb6a3f3eb", "lessThan": "a4527fef9afe5c903c718d0cd24609fe9c754250", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/trace/synth_event_gen_test.c"], "versions": [{"version": "5.6", "status": "affected"}, {"version": "0", "lessThan": "5.6", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.156", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.80", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.10", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "5.10.156"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "5.15.80"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "6.0.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "6.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/65ba7e7c241122ef0a9e61d1920f2ae9689aa796"}, {"url": "https://git.kernel.org/stable/c/07ba4f0603aba288580866394f2916dfe55823a2"}, {"url": "https://git.kernel.org/stable/c/0e5baaa181a052d968701bb9c5b1d55847f00942"}, {"url": "https://git.kernel.org/stable/c/a4527fef9afe5c903c718d0cd24609fe9c754250"}], "title": "tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event()\n\ntest_gen_synth_cmd() only free buf in fail path, hence buf will leak\nwhen there is no failure. Add kfree(buf) to prevent the memleak. The\nsame reason and solution in test_empty_synth_event().\n\nunreferenced object 0xffff8881127de000 (size 2048):\n comm \"modprobe\", pid 247, jiffies 4294972316 (age 78.756s)\n hex dump (first 32 bytes):\n 20 67 65 6e 5f 73 79 6e 74 68 5f 74 65 73 74 20 gen_synth_test\n 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 64 5f pid_t next_pid_\n backtrace:\n [<000000004254801a>] kmalloc_trace+0x26/0x100\n [<0000000039eb1cf5>] 0xffffffffa00083cd\n [<000000000e8c3bc8>] 0xffffffffa00086ba\n [<00000000c293d1ea>] do_one_initcall+0xdb/0x480\n [<00000000aa189e6d>] do_init_module+0x1cf/0x680\n [<00000000d513222b>] load_module+0x6a50/0x70a0\n [<000000001fd4d529>] __do_sys_finit_module+0x12f/0x1c0\n [<00000000b36c4c0f>] do_syscall_64+0x3f/0x90\n [<00000000bbf20cf3>] entry_SYSCALL_64_after_hwframe+0x63/0xcd\nunreferenced object 0xffff8881127df000 (size 2048):\n comm \"modprobe\", pid 247, jiffies 4294972324 (age 78.728s)\n hex dump (first 32 bytes):\n 20 65 6d 70 74 79 5f 73 79 6e 74 68 5f 74 65 73 empty_synth_tes\n 74 20 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 t pid_t next_pi\n backtrace:\n [<000000004254801a>] kmalloc_trace+0x26/0x100\n [<00000000d4db9a3d>] 0xffffffffa0008071\n [<00000000c31354a5>] 0xffffffffa00086ce\n [<00000000c293d1ea>] do_one_initcall+0xdb/0x480\n [<00000000aa189e6d>] do_init_module+0x1cf/0x680\n [<00000000d513222b>] load_module+0x6a50/0x70a0\n [<000000001fd4d529>] __do_sys_finit_module+0x12f/0x1c0\n [<00000000b36c4c0f>] do_syscall_64+0x3f/0x90\n [<00000000bbf20cf3>] entry_SYSCALL_64_after_hwframe+0x63/0xcd"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo: Se corrige la fuga de memoria en test_gen_synth_cmd() y test_empty_synth_event(). Test_gen_synth_cmd() solo libera b\u00fafer en la ruta de fallo, por lo que el b\u00fafer se filtrar\u00e1 aunque no haya fallo. Se ha a\u00f1adido kfree(buf) para evitar la fuga de memoria. La misma raz\u00f3n y soluci\u00f3n se aplican en test_empty_synth_event(). objeto sin referencia 0xffff8881127de000 (size 2048): comm \"modprobe\", pid 247, jiffies 4294972316 (age 78.756s) hex dump (first 32 bytes): 20 67 65 6e 5f 73 79 6e 74 68 5f 74 65 73 74 20 gen_synth_test 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 64 5f pid_t next_pid_ backtrace: [&lt;000000004254801a&gt;] kmalloc_trace+0x26/0x100 [&lt;0000000039eb1cf5&gt;] 0xffffffffa00083cd [&lt;000000000e8c3bc8&gt;] 0xffffffffa00086ba [&lt;00000000c293d1ea&gt;] do_one_initcall+0xdb/0x480 [&lt;00000000aa189e6d&gt;] do_init_module+0x1cf/0x680 [&lt;00000000d513222b&gt;] load_module+0x6a50/0x70a0 [&lt;000000001fd4d529&gt;] __do_sys_finit_module+0x12f/0x1c0 [&lt;00000000b36c4c0f&gt;] do_syscall_64+0x3f/0x90 [&lt;00000000bbf20cf3&gt;] entry_SYSCALL_64_after_hwframe+0x63/0xcd unreferenced object 0xffff8881127df000 (size 2048): comm \"modprobe\", pid 247, jiffies 4294972324 (age 78.728s) hex dump (first 32 bytes): 20 65 6d 70 74 79 5f 73 79 6e 74 68 5f 74 65 73 empty_synth_tes 74 20 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 t pid_t next_pi backtrace: [&lt;000000004254801a&gt;] kmalloc_trace+0x26/0x100 [&lt;00000000d4db9a3d&gt;] 0xffffffffa0008071 [&lt;00000000c31354a5&gt;] 0xffffffffa00086ce [&lt;00000000c293d1ea&gt;] do_one_initcall+0xdb/0x480 [&lt;00000000aa189e6d&gt;] do_init_module+0x1cf/0x680 [&lt;00000000d513222b&gt;] load_module+0x6a50/0x70a0 [&lt;000000001fd4d529&gt;] __do_sys_finit_module+0x12f/0x1c0 [&lt;00000000b36c4c0f&gt;] do_syscall_64+0x3f/0x90 [&lt;00000000bbf20cf3&gt;] entry_SYSCALL_64_after_hwframe+0x63/0xcd "}], "id": "CVE-2022-49800", "lastModified": "2025-05-02T13:53:20.943", "metrics": {}, "published": "2025-05-01T15:16:03.303", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/07ba4f0603aba288580866394f2916dfe55823a2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0e5baaa181a052d968701bb9c5b1d55847f00942"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/65ba7e7c241122ef0a9e61d1920f2ae9689aa796"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a4527fef9afe5c903c718d0cd24609fe9c754250"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event()", "id": "2363430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363430"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ntracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event()\ntest_gen_synth_cmd() only free buf in fail path, hence buf will leak\nwhen there is no failure. Add kfree(buf) to prevent the memleak. The\nsame reason and solution in test_empty_synth_event().\nunreferenced object 0xffff8881127de000 (size 2048):\ncomm \"modprobe\", pid 247, jiffies 4294972316 (age 78.756s)\nhex dump (first 32 bytes):\n20 67 65 6e 5f 73 79 6e 74 68 5f 74 65 73 74 20 gen_synth_test\n20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 64 5f pid_t next_pid_\nbacktrace:\n[<000000004254801a>] kmalloc_trace+0x26/0x100\n[<0000000039eb1cf5>] 0xffffffffa00083cd\n[<000000000e8c3bc8>] 0xffffffffa00086ba\n[<00000000c293d1ea>] do_one_initcall+0xdb/0x480\n[<00000000aa189e6d>] do_init_module+0x1cf/0x680\n[<00000000d513222b>] load_module+0x6a50/0x70a0\n[<000000001fd4d529>] __do_sys_finit_module+0x12f/0x1c0\n[<00000000b36c4c0f>] do_syscall_64+0x3f/0x90\n[<00000000bbf20cf3>] entry_SYSCALL_64_after_hwframe+0x63/0xcd\nunreferenced object 0xffff8881127df000 (size 2048):\ncomm \"modprobe\", pid 247, jiffies 4294972324 (age 78.728s)\nhex dump (first 32 bytes):\n20 65 6d 70 74 79 5f 73 79 6e 74 68 5f 74 65 73 empty_synth_tes\n74 20 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 t pid_t next_pi\nbacktrace:\n[<000000004254801a>] kmalloc_trace+0x26/0x100\n[<00000000d4db9a3d>] 0xffffffffa0008071\n[<00000000c31354a5>] 0xffffffffa00086ce\n[<00000000c293d1ea>] do_one_initcall+0xdb/0x480\n[<00000000aa189e6d>] do_init_module+0x1cf/0x680\n[<00000000d513222b>] load_module+0x6a50/0x70a0\n[<000000001fd4d529>] __do_sys_finit_module+0x12f/0x1c0\n[<00000000b36c4c0f>] do_syscall_64+0x3f/0x90\n[<00000000bbf20cf3>] entry_SYSCALL_64_after_hwframe+0x63/0xcd"], "name": "CVE-2022-49800", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49800\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49800\nhttps://lore.kernel.org/linux-cve-announce/2025050126-CVE-2022-49800-11d1@gregkh/T"], "statement": "The bug is in testing module only that is not being used by default. A memory leak was discovered in the tracing test module `synth_event_gen_test`, where the allocated buffer was not freed after successful execution. This resulted in unreferenced slab objects remaining in memory after module loading. The issue affects only test/debug modules and does not impact production kernel functionality.", "threat_severity": "Low"}

{"created": "2025-06-24T09:51:38.450775+00:00", "updated": "2025-06-24T09:51:38.450824+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}