DEBIAN-CVE-2022-50631
- Source
- https://security-tracker.debian.org/tracker/CVE-2022-50631
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50631.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2022-50631
- Upstream
- Published
- 2025-12-09T01:16:44.490Z
- Modified
- 2026-04-28T20:25:39.201880Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: RISC-V: kexec: Fix memory leak of fdt buffer This is reported by kmemleak detector: unreferenced object 0xff60000082864000 (size 9588): comm "kexec", pid 146, jiffies 4294900634 (age 64.788s) hex dump (first 32 bytes): d0 0d fe ed 00 00 12 ed 00 00 00 48 00 00 11 40 ...........H...@ 00 00 00 28 00 00 00 11 00 00 00 02 00 00 00 00 ...(............ backtrace: [<00000000f95b17c4>] kmemleakalloc+0x34/0x3e [<00000000b9ec8e3e>] kmallocorder+0x9c/0xc4 [<00000000a95cf02e>] kmallocordertrace+0x34/0xb6 [<00000000f01e68b4>] _kmalloc+0x5c2/0x62a [<000000002bd497b2>] kvmallocnode+0x66/0xd6 [<00000000906542fa>] ofkexecallocandsetupfdt+0xa6/0x6ea [<00000000e1166bde>] elfkexecload+0x206/0x4ec [<0000000036548e09>] kexecimageloaddefault+0x40/0x4c [<0000000079fbe1b4>] syskexecfileload+0x1c4/0x322 [<0000000040c62c03>] retfromsyscall+0x0/0x2 In elfkexecload(), a buffer is allocated via kvmalloc() to store fdt. While it's not freed back to system when kexec kernel is reloaded or unloaded. Then memory leak is caused. Fix it by introducing riscv specific function archkimagefilepostloadcleanup(), and freeing the buffer there.
- References
Affected packages
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source