CVE-2022-50761 - Vulnerability Details

- x86/xen: Fix memory leak in xen_init_lock_cpu()

Description

In the Linux kernel, the following vulnerability has been resolved:

x86/xen: Fix memory leak in xen_init_lock_cpu()

In xen_init_lock_cpu(), the @name has allocated new string by kasprintf(),
if bind_ipi_to_irqhandler() fails, it should be freed, otherwise may lead
to a memory leak issue, fix it.

Published: 2025-12-24

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`2d9e1e2f58b5612aa4eab0ab54c84308a29dbd79`	affected	< 9278bdbb566656b3704704f8dd6cbc24a6fcc569
`2d9e1e2f58b5612aa4eab0ab54c84308a29dbd79`	affected	< 07764d00c869a3390bd4f80412cc8b0e669e6c58
`2d9e1e2f58b5612aa4eab0ab54c84308a29dbd79`	affected	< 53ff99c76be611acea37d33133c9136969914865
`2d9e1e2f58b5612aa4eab0ab54c84308a29dbd79`	affected	< 29198f667f4486f9e227e11faf1411fcf4c82a66
`2d9e1e2f58b5612aa4eab0ab54c84308a29dbd79`	affected	< 70e7f308d7a8e915c7fbc0f1d959968eab8000cd
`2d9e1e2f58b5612aa4eab0ab54c84308a29dbd79`	affected	< 70966d6b0f59f795b08a70adf5e4478348ecbfbb
`2d9e1e2f58b5612aa4eab0ab54c84308a29dbd79`	affected	< 798fc3cf98ca07e448956f39295c5d686ab4b054
`2d9e1e2f58b5612aa4eab0ab54c84308a29dbd79`	affected	< b44457b83a034efef58ffa5f3131d4615f1a9837
`2d9e1e2f58b5612aa4eab0ab54c84308a29dbd79`	affected	< ca84ce153d887b1dc8b118029976cc9faf2a9b40

Linux

affected

Version	Status	Constraints
`2.6.27`	affected	—
`0`	unaffected	< 2.6.27
`4.9.337`	unaffected	≤ 4.9.*
`4.14.303`	unaffected	≤ 4.14.*
`4.19.270`	unaffected	≤ 4.19.*
`5.4.229`	unaffected	≤ 5.4.*
`5.10.163`	unaffected	≤ 5.10.*
`5.15.86`	unaffected	≤ 5.15.*
`6.0.16`	unaffected	≤ 6.0.*
`6.1.2`	unaffected	≤ 6.1.*
`6.2`	unaffected	≤ *

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00085.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/07764d00c869a3390bd4f80412cc8b0e669e6c58
https://git.kernel.org/stable/c/29198f667f4486f9e227e11faf1411fcf4c82a66
https://git.kernel.org/stable/c/53ff99c76be611acea37d33133c9136969914865
https://git.kernel.org/stable/c/70966d6b0f59f795b08a70adf5e4478348ecbfbb
https://git.kernel.org/stable/c/70e7f308d7a8e915c7fbc0f1d959968eab8000cd
https://git.kernel.org/stable/c/798fc3cf98ca07e448956f39295c5d686ab4b054
https://git.kernel.org/stable/c/9278bdbb566656b3704704f8dd6cbc24a6fcc569
https://git.kernel.org/stable/c/b44457b83a034efef58ffa5f3131d4615f1a9837
https://git.kernel.org/stable/c/ca84ce153d887b1dc8b118029976cc9faf2a9b40
https://lore.kernel.org/linux-cve-announce/2025122455-CVE-2022-50761-0e67@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-50761
https://www.cve.org/CVERecord?id=CVE-2022-50761

History

Thu, 25 Dec 2025 12:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025122455-CVE-2022-50761-0e67@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-50761 https://www.cve.org/CVERecord?id=CVE-2022-50761
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Wed, 24 Dec 2025 13:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: x86/xen: Fix memory leak in xen_init_lock_cpu() In xen_init_lock_cpu(), the @name has allocated new string by kasprintf(), if bind_ipi_to_irqhandler() fails, it should be freed, otherwise may lead to a memory leak issue, fix it.
Title		x86/xen: Fix memory leak in xen_init_lock_cpu()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/07764d00c869a3390bd4f80412cc8b0e669e6c58 https://git.kernel.org/stable/c/29198f667f4486f9e227e11faf1411fcf4c82a66 https://git.kernel.org/stable/c/53ff99c76be611acea37d33133c9136969914865 https://git.kernel.org/stable/c/70966d6b0f59f795b08a70adf5e4478348ecbfbb https://git.kernel.org/stable/c/70e7f308d7a8e915c7fbc0f1d959968eab8000cd https://git.kernel.org/stable/c/798fc3cf98ca07e448956f39295c5d686ab4b054 https://git.kernel.org/stable/c/9278bdbb566656b3704704f8dd6cbc24a6fcc569 https://git.kernel.org/stable/c/b44457b83a034efef58ffa5f3131d4615f1a9837 https://git.kernel.org/stable/c/ca84ce153d887b1dc8b118029976cc9faf2a9b40

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-24T13:05:53.312Z

Updated: 2025-12-24T13:05:53.312Z

Reserved: 2025-12-24T13:02:21.545Z

Link: CVE-2022-50761

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2025-12-24T13:16:02.873

Modified: 2026-04-15T00:35:42.020

Link: CVE-2022-50761

Redhat

Severity : Low

Publid Date: 2025-12-24T00:00:00Z

Links: CVE-2022-50761 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object