In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix memory leak in testgensynthcmd() and testemptysynthevent()
testgensynthcmd() only free buf in fail path, hence buf will leak when there is no failure. Add kfree(buf) to prevent the memleak. The same reason and solution in testemptysynthevent().
unreferenced object 0xffff8881127de000 (size 2048): comm "modprobe", pid 247, jiffies 4294972316 (age 78.756s) hex dump (first 32 bytes): 20 67 65 6e 5f 73 79 6e 74 68 5f 74 65 73 74 20 gensynthtest 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 64 5f pidt nextpid_ backtrace: [<000000004254801a>] kmalloctrace+0x26/0x100 [<0000000039eb1cf5>] 0xffffffffa00083cd [<000000000e8c3bc8>] 0xffffffffa00086ba [<00000000c293d1ea>] dooneinitcall+0xdb/0x480 [<00000000aa189e6d>] doinitmodule+0x1cf/0x680 [<00000000d513222b>] loadmodule+0x6a50/0x70a0 [<000000001fd4d529>] _dosysfinitmodule+0x12f/0x1c0 [<00000000b36c4c0f>] dosyscall64+0x3f/0x90 [<00000000bbf20cf3>] entrySYSCALL64afterhwframe+0x63/0xcd unreferenced object 0xffff8881127df000 (size 2048): comm "modprobe", pid 247, jiffies 4294972324 (age 78.728s) hex dump (first 32 bytes): 20 65 6d 70 74 79 5f 73 79 6e 74 68 5f 74 65 73 emptysynthtes 74 20 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 t pidt nextpi backtrace: [<000000004254801a>] kmalloctrace+0x26/0x100 [<00000000d4db9a3d>] 0xffffffffa0008071 [<00000000c31354a5>] 0xffffffffa00086ce [<00000000c293d1ea>] dooneinitcall+0xdb/0x480 [<00000000aa189e6d>] doinitmodule+0x1cf/0x680 [<00000000d513222b>] loadmodule+0x6a50/0x70a0 [<000000001fd4d529>] _dosysfinitmodule+0x12f/0x1c0 [<00000000b36c4c0f>] dosyscall64+0x3f/0x90 [<00000000bbf20cf3>] entrySYSCALL64afterhwframe+0x63/0xcd
{ "vanir_signatures": [ { "signature_version": "v1", "target": { "file": "kernel/trace/synth_event_gen_test.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a4527fef9afe5c903c718d0cd24609fe9c754250", "deprecated": false, "digest": { "line_hashes": [ "270964343445064923792493313998296653523", "168299691937164544010569772423891596686", "173422440430287607868558970379797678340", "205155304218182578199839777247008646606", "44381167549949986318863642958925039081", "140352805678619172557122080427857059275", "263446203141258492271498056939450472918", "71895368279000599404494126591526211151", "315348511062366442983844252709762795642", "52219103743893578380617712713922241322", "102301980201115903272518140855288868069", "161394559929143838650514283414681766393", "122627408967560345594185961891999059575", "323617311908144673699818413713906751535", "263757421604826428448558144920046437395", "226911815120852882599833510175509357160", "138325495473912560018652572361277553442", "71895368279000599404494126591526211151", "336235332466418654150332014362594787624", "23401773799796691269748559834758096006" ], "threshold": 0.9 }, "id": "CVE-2022-49800-1ae139ed" }, { "signature_version": "v1", "target": { "function": "test_empty_synth_event", "file": "kernel/trace/synth_event_gen_test.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@07ba4f0603aba288580866394f2916dfe55823a2", "deprecated": false, "digest": { "length": 1568.0, "function_hash": "145647130402617145131723219645559193564" }, "id": "CVE-2022-49800-32422cb7" }, { "signature_version": "v1", "target": { "function": "test_gen_synth_cmd", "file": "kernel/trace/synth_event_gen_test.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@65ba7e7c241122ef0a9e61d1920f2ae9689aa796", "deprecated": false, "digest": { "length": 1343.0, "function_hash": "197139322237000015647507447140981927621" }, "id": "CVE-2022-49800-39cee228" }, { "signature_version": "v1", "target": { "function": "test_empty_synth_event", "file": "kernel/trace/synth_event_gen_test.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@65ba7e7c241122ef0a9e61d1920f2ae9689aa796", "deprecated": false, "digest": { "length": 1568.0, "function_hash": "145647130402617145131723219645559193564" }, "id": "CVE-2022-49800-4fc344a1" }, { "signature_version": "v1", "target": { "file": "kernel/trace/synth_event_gen_test.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@65ba7e7c241122ef0a9e61d1920f2ae9689aa796", "deprecated": false, "digest": { "line_hashes": [ "270964343445064923792493313998296653523", "168299691937164544010569772423891596686", "173422440430287607868558970379797678340", "205155304218182578199839777247008646606", "44381167549949986318863642958925039081", "140352805678619172557122080427857059275", "263446203141258492271498056939450472918", "71895368279000599404494126591526211151", "315348511062366442983844252709762795642", "52219103743893578380617712713922241322", "102301980201115903272518140855288868069", "161394559929143838650514283414681766393", "122627408967560345594185961891999059575", "323617311908144673699818413713906751535", "263757421604826428448558144920046437395", "226911815120852882599833510175509357160", "138325495473912560018652572361277553442", "71895368279000599404494126591526211151", "336235332466418654150332014362594787624", "23401773799796691269748559834758096006" ], "threshold": 0.9 }, "id": "CVE-2022-49800-5011a6bf" }, { "signature_version": "v1", "target": { "function": "test_gen_synth_cmd", "file": "kernel/trace/synth_event_gen_test.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a4527fef9afe5c903c718d0cd24609fe9c754250", "deprecated": false, "digest": { "length": 1343.0, "function_hash": "197139322237000015647507447140981927621" }, "id": "CVE-2022-49800-70610014" }, { "signature_version": "v1", "target": { "file": "kernel/trace/synth_event_gen_test.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@07ba4f0603aba288580866394f2916dfe55823a2", "deprecated": false, "digest": { "line_hashes": [ "270964343445064923792493313998296653523", "168299691937164544010569772423891596686", "173422440430287607868558970379797678340", "205155304218182578199839777247008646606", "44381167549949986318863642958925039081", "140352805678619172557122080427857059275", "263446203141258492271498056939450472918", "71895368279000599404494126591526211151", "315348511062366442983844252709762795642", "52219103743893578380617712713922241322", "102301980201115903272518140855288868069", "161394559929143838650514283414681766393", "122627408967560345594185961891999059575", "323617311908144673699818413713906751535", "263757421604826428448558144920046437395", "226911815120852882599833510175509357160", "138325495473912560018652572361277553442", "71895368279000599404494126591526211151", "336235332466418654150332014362594787624", "23401773799796691269748559834758096006" ], "threshold": 0.9 }, "id": "CVE-2022-49800-7dffe465" }, { "signature_version": "v1", "target": { "function": "test_empty_synth_event", "file": "kernel/trace/synth_event_gen_test.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0e5baaa181a052d968701bb9c5b1d55847f00942", "deprecated": false, "digest": { "length": 1568.0, "function_hash": "145647130402617145131723219645559193564" }, "id": "CVE-2022-49800-928d39f3" }, { "signature_version": "v1", "target": { "function": "test_gen_synth_cmd", "file": "kernel/trace/synth_event_gen_test.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@07ba4f0603aba288580866394f2916dfe55823a2", "deprecated": false, "digest": { "length": 1343.0, "function_hash": "197139322237000015647507447140981927621" }, "id": "CVE-2022-49800-b40bc340" }, { "signature_version": "v1", "target": { "function": "test_empty_synth_event", "file": "kernel/trace/synth_event_gen_test.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a4527fef9afe5c903c718d0cd24609fe9c754250", "deprecated": false, "digest": { "length": 1568.0, "function_hash": "145647130402617145131723219645559193564" }, "id": "CVE-2022-49800-e41214ee" }, { "signature_version": "v1", "target": { "file": "kernel/trace/synth_event_gen_test.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0e5baaa181a052d968701bb9c5b1d55847f00942", "deprecated": false, "digest": { "line_hashes": [ "270964343445064923792493313998296653523", "168299691937164544010569772423891596686", "173422440430287607868558970379797678340", "205155304218182578199839777247008646606", "44381167549949986318863642958925039081", "140352805678619172557122080427857059275", "263446203141258492271498056939450472918", "71895368279000599404494126591526211151", "315348511062366442983844252709762795642", "52219103743893578380617712713922241322", "102301980201115903272518140855288868069", "161394559929143838650514283414681766393", "122627408967560345594185961891999059575", "323617311908144673699818413713906751535", "263757421604826428448558144920046437395", "226911815120852882599833510175509357160", "138325495473912560018652572361277553442", "71895368279000599404494126591526211151", "336235332466418654150332014362594787624", "23401773799796691269748559834758096006" ], "threshold": 0.9 }, "id": "CVE-2022-49800-f1d0044b" }, { "signature_version": "v1", "target": { "function": "test_gen_synth_cmd", "file": "kernel/trace/synth_event_gen_test.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0e5baaa181a052d968701bb9c5b1d55847f00942", "deprecated": false, "digest": { "length": 1343.0, "function_hash": "197139322237000015647507447140981927621" }, "id": "CVE-2022-49800-f25f09b0" } ] }