CVE-2022-50391

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-50391
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50391.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-50391
Downstream
Related
Published
2025-09-18T13:33:10Z
Modified
2025-10-21T12:46:47.890030Z
Summary
mm/mempolicy: fix memory leak in set_mempolicy_home_node system call
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/mempolicy: fix memory leak in setmempolicyhome_node system call

When encountering any vma in the range with policy other than MPOLBIND or MPOLPREFERREDMANY, an error is returned without issuing a mpolput on the policy just allocated with mpol_dup().

This allows arbitrary users to leak kernel memory.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c6018b4b254971863bd0ad36bb5e7d0fa0f0ddb0
Fixed
4ca0eb6b2f3add8c5daefb726ce57dc95d103d33
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c6018b4b254971863bd0ad36bb5e7d0fa0f0ddb0
Fixed
0ce4cc6d269ddc448a825955b495f662f5d9e153
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c6018b4b254971863bd0ad36bb5e7d0fa0f0ddb0
Fixed
38ce7c9bdfc228c14d7621ba36d3eebedd9d4f76

Affected versions

v5.*

v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.0.1
v6.0.10
v6.0.11
v6.0.12
v6.0.13
v6.0.14
v6.0.15
v6.0.16
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.2

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "id": "CVE-2022-50391-186670f7",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4ca0eb6b2f3add8c5daefb726ce57dc95d103d33",
        "signature_version": "v1",
        "target": {
            "function": "SYSCALL_DEFINE4",
            "file": "mm/mempolicy.c"
        },
        "signature_type": "Function",
        "digest": {
            "function_hash": "161196312206971867612450849472863779543",
            "length": 1162.0
        }
    },
    {
        "deprecated": false,
        "id": "CVE-2022-50391-2384f6d3",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0ce4cc6d269ddc448a825955b495f662f5d9e153",
        "signature_version": "v1",
        "target": {
            "function": "SYSCALL_DEFINE4",
            "file": "mm/mempolicy.c"
        },
        "signature_type": "Function",
        "digest": {
            "function_hash": "109979892599940213936209867045044100674",
            "length": 1120.0
        }
    },
    {
        "deprecated": false,
        "id": "CVE-2022-50391-6ad3a85c",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0ce4cc6d269ddc448a825955b495f662f5d9e153",
        "signature_version": "v1",
        "target": {
            "file": "mm/mempolicy.c"
        },
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "111201215960665695774032149593468031233",
                "61298621715229381405017303547034806492",
                "132430502059530489021592664873062295562",
                "338384273565592470318402342581124578438"
            ],
            "threshold": 0.9
        }
    },
    {
        "deprecated": false,
        "id": "CVE-2022-50391-bd1ea6c6",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@38ce7c9bdfc228c14d7621ba36d3eebedd9d4f76",
        "signature_version": "v1",
        "target": {
            "function": "SYSCALL_DEFINE4",
            "file": "mm/mempolicy.c"
        },
        "signature_type": "Function",
        "digest": {
            "function_hash": "109979892599940213936209867045044100674",
            "length": 1120.0
        }
    },
    {
        "deprecated": false,
        "id": "CVE-2022-50391-d469a1b2",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@38ce7c9bdfc228c14d7621ba36d3eebedd9d4f76",
        "signature_version": "v1",
        "target": {
            "file": "mm/mempolicy.c"
        },
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "111201215960665695774032149593468031233",
                "61298621715229381405017303547034806492",
                "132430502059530489021592664873062295562",
                "338384273565592470318402342581124578438"
            ],
            "threshold": 0.9
        }
    },
    {
        "deprecated": false,
        "id": "CVE-2022-50391-efa3c684",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4ca0eb6b2f3add8c5daefb726ce57dc95d103d33",
        "signature_version": "v1",
        "target": {
            "file": "mm/mempolicy.c"
        },
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "111201215960665695774032149593468031233",
                "61298621715229381405017303547034806492",
                "132430502059530489021592664873062295562",
                "338384273565592470318402342581124578438"
            ],
            "threshold": 0.9
        }
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.17.0
Fixed
6.0.17
Type
ECOSYSTEM
Events
Introduced
6.1.0
Fixed
6.1.3