CVE-2022-50376

medium

Description

In the Linux kernel, the following vulnerability has been resolved:

orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init()

When inserting and removing the orangefs module, memory is leaked as below:

    unreferenced object 0xffff88816b0cc000 (size 2048):
      comm "insmod", pid 783, jiffies 4294813439 (age 65.512s)
      hex dump (first 32 bytes):
        6e 6f 6e 65 0a 00 00 00 00 00 00 00 00 00 00 00  none............
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
      backtrace:
        [<0000000031ab7788>] kmalloc_trace+0x27/0xa0
        [<000000005b405fee>] orangefs_debugfs_init.cold+0xaf/0x17f
        [<00000000e5a0085b>] 0xffffffffa02780f9
        [<000000004232d9f7>] do_one_initcall+0x87/0x2a0
        [<0000000054f22384>] do_init_module+0xdf/0x320
        [<000000003263bdea>] load_module+0x2f98/0x3330
        [<0000000052cd4153>] __do_sys_finit_module+0x113/0x1b0
        [<00000000250ae02b>] do_syscall_64+0x35/0x80
        [<00000000f11c03c7>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

Use the global variable as the buffer rather than dynamic allocation to solve the problem.

References

https://git.kernel.org/stable/c/c8853267289c55b1acbe4dc3641374887584834d

https://git.kernel.org/stable/c/bdc2d33fa2324b1f5ab5b701cda45ee0b2384409

https://git.kernel.org/stable/c/a076490b0211990ec6764328c22cb744dd782bd9

https://git.kernel.org/stable/c/786e5296f9e3b045d5ff9098514ce7b8ba1d890d

https://git.kernel.org/stable/c/31720a2b109b3080eb77e97b8f6f50a27b4ae599

https://git.kernel.org/stable/c/0cd303aad220fafa595e0ed593e99aa51b90412b

Details

Source: Mitre, NVD

Published: 2025-09-18

Updated: 2025-09-19

Risk Information

CVSS v2

Base Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00024