CVE-2022-49546

{"id": "CVE-2022-49546", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-02-26T07:01:30.500", "references": [{"url": "https://git.kernel.org/stable/c/115ee42a4c2f26ba2b4ace2668a3f004621f6833", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/23cf39dccf7653650701a6f39b119e9116a27f1a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8765a423a87d74ef24ea02b43b2728fe4039f248", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b3e34a47f98974d0844444c5121aaff123004e57", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f675e3a9189d84a9324ab45b0cb19906c2bc8fcb", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/kexec: fix memory leak of elf header buffer\n\nThis is reported by kmemleak detector:\n\nunreferenced object 0xffffc900002a9000 (size 4096):\n comm \"kexec\", pid 14950, jiffies 4295110793 (age 373.951s)\n hex dump (first 32 bytes):\n 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 .ELF............\n 04 00 3e 00 01 00 00 00 00 00 00 00 00 00 00 00 ..>.............\n backtrace:\n [<0000000016a8ef9f>] __vmalloc_node_range+0x101/0x170\n [<000000002b66b6c0>] __vmalloc_node+0xb4/0x160\n [<00000000ad40107d>] crash_prepare_elf64_headers+0x8e/0xcd0\n [<0000000019afff23>] crash_load_segments+0x260/0x470\n [<0000000019ebe95c>] bzImage64_load+0x814/0xad0\n [<0000000093e16b05>] arch_kexec_kernel_image_load+0x1be/0x2a0\n [<000000009ef2fc88>] kimage_file_alloc_init+0x2ec/0x5a0\n [<0000000038f5a97a>] __do_sys_kexec_file_load+0x28d/0x530\n [<0000000087c19992>] do_syscall_64+0x3b/0x90\n [<0000000066e063a4>] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nIn crash_prepare_elf64_headers(), a buffer is allocated via vmalloc() to\nstore elf headers. While it's not freed back to system correctly when\nkdump kernel is reloaded or unloaded. Then memory leak is caused. Fix it\nby introducing x86 specific function arch_kimage_file_post_load_cleanup(),\nand freeing the buffer there.\n\nAnd also remove the incorrect elf header buffer freeing code. Before\ncalling arch specific kexec_file loading function, the image instance has\nbeen initialized. So 'image->elf_headers' must be NULL. It doesn't make\nsense to free the elf header buffer in the place.\n\nThree different people have reported three bugs about the memory leak on\nx86_64 inside Redhat."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/kexec: se corrige la p\u00e9rdida de memoria del b\u00fafer de encabezado elf Esto lo informa el detector kmemleak: objeto sin referencia 0xffffc900002a9000 (size 4096): comm \"kexec\", pid 14950, jiffies 4295110793 (age 373.951s) hex dump (first 32 bytes): 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 .ELF............ 04 00 3e 00 01 00 00 00 00 00 00 00 00 00 00 00 ..&gt;............. backtrace: [&lt;0000000016a8ef9f&gt;] __vmalloc_node_range+0x101/0x170 [&lt;000000002b66b6c0&gt;] __vmalloc_node+0xb4/0x160 [&lt;00000000ad40107d&gt;] crash_prepare_elf64_headers+0x8e/0xcd0 [&lt;0000000019afff23&gt;] crash_load_segments+0x260/0x470 [&lt;0000000019ebe95c&gt;] bzImage64_load+0x814/0xad0 [&lt;0000000093e16b05&gt;] arch_kexec_kernel_image_load+0x1be/0x2a0 [&lt;000000009ef2fc88&gt;] kimage_file_alloc_init+0x2ec/0x5a0 [&lt;0000000038f5a97a&gt;] __do_sys_kexec_file_load+0x28d/0x530 [&lt;0000000087c19992&gt;] do_syscall_64+0x3b/0x90 [&lt;0000000066e063a4&gt;] entry_SYSCALL_64_after_hwframe+0x44/0xae In crash_prepare_elf64_headers(), se asigna un b\u00fafer a trav\u00e9s de vmalloc() para almacenar encabezados elf. Sin embargo, no se libera correctamente al sistema cuando se vuelve a cargar o descargar el kernel kdump. Entonces se produce una p\u00e9rdida de memoria. Arr\u00e9glelo introduciendo la funci\u00f3n espec\u00edfica x86 arch_kimage_file_post_load_cleanup() y liberando el b\u00fafer all\u00ed. Y tambi\u00e9n elimine el c\u00f3digo incorrecto de liberaci\u00f3n del b\u00fafer del encabezado elf. Antes de llamar a la funci\u00f3n de carga kexec_file espec\u00edfica de arch, se ha inicializado la instancia de la imagen. Por lo tanto, 'image-&gt;elf_headers' debe ser NULL. No tiene sentido liberar el b\u00fafer del encabezado elf en ese lugar. Tres personas diferentes han informado tres errores sobre la p\u00e9rdida de memoria en x86_64 dentro de Redhat."}], "lastModified": "2025-04-10T13:15:43.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40E62665-0BA6-440F-83E8-6F8EC2D3C9DF", "versionEndExcluding": "5.15.46"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15E2DD33-2255-4B76-9C15-04FF8CBAB252", "versionEndExcluding": "5.17.14", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E122216-2E9E-4B3E-B7B8-D575A45BA3C2", "versionEndExcluding": "5.18.3", "versionStartIncluding": "5.18"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}