DEBIAN-CVE-2022-50702

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2022-50702

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50702.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2022-50702

Upstream

CVE-2022-50702

Published

2025-12-24T11:15:50.360Z

Modified

2025-12-25T11:13:39.856175Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: vdpasim: fix possible memory leak in vdpasimnetinit() and vdpasimblkinit() Inject fault while probing module, if deviceregister() fails in vdpasimnetinit() or vdpasimblkinit(), but the refcount of kobject is not decreased to 0, the name allocated in devsetname() is leaked. Fix this by calling putdevice(), so that name can be freed in callback function kobjectcleanup(). (vdpasimnet) unreferenced object 0xffff88807eebc370 (size 16): comm "modprobe", pid 3848, jiffies 4362982860 (age 18.153s) hex dump (first 16 bytes): 76 64 70 61 73 69 6d 5f 6e 65 74 00 6b 6b 6b a5 vdpasimnet.kkk. backtrace: [<ffffffff8174f19e>] _kmallocnodetrackcaller+0x4e/0x150 [<ffffffff81731d53>] kstrdup+0x33/0x60 [<ffffffff83a5d421>] kobjectsetnamevargs+0x41/0x110 [<ffffffff82d87aab>] devsetname+0xab/0xe0 [<ffffffff82d91a23>] deviceadd+0xe3/0x1a80 [<ffffffffa0270013>] 0xffffffffa0270013 [<ffffffff81001c27>] dooneinitcall+0x87/0x2e0 [<ffffffff813739cb>] doinitmodule+0x1ab/0x640 [<ffffffff81379d20>] loadmodule+0x5d00/0x77f0 [<ffffffff8137bc40>] _dosysfinitmodule+0x110/0x1b0 [<ffffffff83c4d505>] dosyscall64+0x35/0x80 [<ffffffff83e0006a>] entrySYSCALL64afterhwframe+0x46/0xb0 (vdpasimblk) unreferenced object 0xffff8881070c1250 (size 16): comm "modprobe", pid 6844, jiffies 4364069319 (age 17.572s) hex dump (first 16 bytes): 76 64 70 61 73 69 6d 5f 62 6c 6b 00 6b 6b 6b a5 vdpasimblk.kkk. backtrace: [<ffffffff8174f19e>] _kmallocnodetrackcaller+0x4e/0x150 [<ffffffff81731d53>] kstrdup+0x33/0x60 [<ffffffff83a5d421>] kobjectsetnamevargs+0x41/0x110 [<ffffffff82d87aab>] devsetname+0xab/0xe0 [<ffffffff82d91a23>] deviceadd+0xe3/0x1a80 [<ffffffffa0220013>] 0xffffffffa0220013 [<ffffffff81001c27>] dooneinitcall+0x87/0x2e0 [<ffffffff813739cb>] doinitmodule+0x1ab/0x640 [<ffffffff81379d20>] loadmodule+0x5d00/0x77f0 [<ffffffff8137bc40>] _dosysfinitmodule+0x110/0x1b0 [<ffffffff83c4d505>] dosyscall64+0x35/0x80 [<ffffffff83e0006a>] entrySYSCALL64afterhwframe+0x46/0xb0

References

https://security-tracker.debian.org/tracker/CVE-2022-50702

Affected packages

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50702.json"

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50702.json"

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50702.json"