CVE-2022-50391 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved:

mm/mempolicy: fix memory leak in set_mempolicy_home_node system call

When encountering any vma in the range with policy other than MPOL_BIND or
MPOL_PREFERRED_MANY, an error is returned without issuing a mpol_put on
the policy just allocated with mpol_dup().

This allows arbitrary users to leak kernel memory.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/0ce4cc6d269ddc448a825955b495f662f5d9e153
https://git.kernel.org/stable/c/38ce7c9bdfc228c14d7621ba36d3eebedd9d4f76
https://git.kernel.org/stable/c/4ca0eb6b2f3add8c5daefb726ce57dc95d103d33

History

Thu, 18 Sep 2025 13:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix memory leak in set_mempolicy_home_node system call When encountering any vma in the range with policy other than MPOL_BIND or MPOL_PREFERRED_MANY, an error is returned without issuing a mpol_put on the policy just allocated with mpol_dup(). This allows arbitrary users to leak kernel memory.
Title		mm/mempolicy: fix memory leak in set_mempolicy_home_node system call
References		https://git.kernel.org/stable/c/0ce4cc6d269ddc448a825955b495f662f5d9e153 https://git.kernel.org/stable/c/38ce7c9bdfc228c14d7621ba36d3eebedd9d4f76 https://git.kernel.org/stable/c/4ca0eb6b2f3add8c5daefb726ce57dc95d103d33

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-09-18T13:33:10.768Z

Updated: 2025-09-18T13:33:10.768Z

Reserved: 2025-09-17T14:53:06.998Z

Link: CVE-2022-50391

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-09-18T14:15:38.127

Modified: 2025-09-18T14:15:38.127

Link: CVE-2022-50391

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-50391", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-09-17T14:53:06.998Z", "datePublished": "2025-09-18T13:33:10.768Z", "dateUpdated": "2025-09-18T13:33:10.768Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-09-18T13:33:10.768Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mempolicy: fix memory leak in set_mempolicy_home_node system call\n\nWhen encountering any vma in the range with policy other than MPOL_BIND or\nMPOL_PREFERRED_MANY, an error is returned without issuing a mpol_put on\nthe policy just allocated with mpol_dup().\n\nThis allows arbitrary users to leak kernel memory."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/mempolicy.c"], "versions": [{"version": "c6018b4b254971863bd0ad36bb5e7d0fa0f0ddb0", "lessThan": "4ca0eb6b2f3add8c5daefb726ce57dc95d103d33", "status": "affected", "versionType": "git"}, {"version": "c6018b4b254971863bd0ad36bb5e7d0fa0f0ddb0", "lessThan": "0ce4cc6d269ddc448a825955b495f662f5d9e153", "status": "affected", "versionType": "git"}, {"version": "c6018b4b254971863bd0ad36bb5e7d0fa0f0ddb0", "lessThan": "38ce7c9bdfc228c14d7621ba36d3eebedd9d4f76", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/mempolicy.c"], "versions": [{"version": "5.17", "status": "affected"}, {"version": "0", "lessThan": "5.17", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.17", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.3", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "6.0.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "6.1.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "6.2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/4ca0eb6b2f3add8c5daefb726ce57dc95d103d33"}, {"url": "https://git.kernel.org/stable/c/0ce4cc6d269ddc448a825955b495f662f5d9e153"}, {"url": "https://git.kernel.org/stable/c/38ce7c9bdfc228c14d7621ba36d3eebedd9d4f76"}], "title": "mm/mempolicy: fix memory leak in set_mempolicy_home_node system call", "x_generator": {"engine": "bippy-1.2.0"}}}}