CVE-2022-50707

medium

Description

In the Linux kernel, the following vulnerability has been resolved: virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session() 'vc_ctrl_req' is alloced in virtio_crypto_alg_skcipher_close_session(), and should be freed in the invalid ctrl_status->status error handling case. Otherwise there is a memory leak.

References

https://git.kernel.org/stable/c/b1d65f717cd6305a396a8738e022c6f7c65cfbe8

https://git.kernel.org/stable/c/79026a2d0a1b080257773d22a493f9bcab8c65be

https://git.kernel.org/stable/c/67fb59ff1384e338679c0eb7a43c83ce8868c9fa

https://git.kernel.org/stable/c/0871df190fe6723464efe0f493d476411616f553

Details

Source: Mitre, NVD

Published: 2025-12-24

Updated: 2025-12-24

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018