{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49256", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T01:49:39.296Z", "datePublished": "2025-02-26T01:56:10.599Z", "dateUpdated": "2025-05-04T08:33:29.888Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:33:29.888Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatch_queue: Actually free the watch\n\nfree_watch() does everything barring actually freeing the watch object. Fix\nthis by adding the missing kfree.\n\nkmemleak produces a report something like the following. Note that as an\naddress can be seen in the first word, the watch would appear to have gone\nthrough call_rcu().\n\nBUG: memory leak\nunreferenced object 0xffff88810ce4a200 (size 96):\n comm \"syz-executor352\", pid 3605, jiffies 4294947473 (age 13.720s)\n hex dump (first 32 bytes):\n e0 82 48 0d 81 88 ff ff 00 00 00 00 00 00 00 00 ..H.............\n 80 a2 e4 0c 81 88 ff ff 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<ffffffff8214e6cc>] kmalloc include/linux/slab.h:581 [inline]\n [<ffffffff8214e6cc>] kzalloc include/linux/slab.h:714 [inline]\n [<ffffffff8214e6cc>] keyctl_watch_key+0xec/0x2e0 security/keys/keyctl.c:1800\n [<ffffffff8214ec84>] __do_sys_keyctl+0x3c4/0x490 security/keys/keyctl.c:2016\n [<ffffffff84493a25>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n [<ffffffff84493a25>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/watch_queue.c"], "versions": [{"version": "c73be61cede5882f9605a852414db559c0ebedfd", "lessThan": "9d92be1a09fbb3dd65600dbfe7eedb40e7228e4b", "status": "affected", "versionType": "git"}, {"version": "c73be61cede5882f9605a852414db559c0ebedfd", "lessThan": "f69aecb49968e14196366bbe896eab0a904229f5", "status": "affected", "versionType": "git"}, {"version": "c73be61cede5882f9605a852414db559c0ebedfd", "lessThan": "7e8c9b0df07a77f0d072603b8ced2677e30e1893", "status": "affected", "versionType": "git"}, {"version": "c73be61cede5882f9605a852414db559c0ebedfd", "lessThan": "31824613a42aacdcbeb325bf07a1c8247a11ebe2", "status": "affected", "versionType": "git"}, {"version": "c73be61cede5882f9605a852414db559c0ebedfd", "lessThan": "3d8dcf278b1ee1eff1e90be848fa2237db4c07a7", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/watch_queue.c"], "versions": [{"version": "5.8", "status": "affected"}, {"version": "0", "lessThan": "5.8", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.110", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.33", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16.19", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17.2", "lessThanOrEqual": "5.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "5.10.110"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "5.15.33"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "5.16.19"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "5.17.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "5.18"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9d92be1a09fbb3dd65600dbfe7eedb40e7228e4b"}, {"url": "https://git.kernel.org/stable/c/f69aecb49968e14196366bbe896eab0a904229f5"}, {"url": "https://git.kernel.org/stable/c/7e8c9b0df07a77f0d072603b8ced2677e30e1893"}, {"url": "https://git.kernel.org/stable/c/31824613a42aacdcbeb325bf07a1c8247a11ebe2"}, {"url": "https://git.kernel.org/stable/c/3d8dcf278b1ee1eff1e90be848fa2237db4c07a7"}], "title": "watch_queue: Actually free the watch", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatch_queue: Actually free the watch\n\nfree_watch() does everything barring actually freeing the watch object. Fix\nthis by adding the missing kfree.\n\nkmemleak produces a report something like the following. Note that as an\naddress can be seen in the first word, the watch would appear to have gone\nthrough call_rcu().\n\nBUG: memory leak\nunreferenced object 0xffff88810ce4a200 (size 96):\n comm \"syz-executor352\", pid 3605, jiffies 4294947473 (age 13.720s)\n hex dump (first 32 bytes):\n e0 82 48 0d 81 88 ff ff 00 00 00 00 00 00 00 00 ..H.............\n 80 a2 e4 0c 81 88 ff ff 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<ffffffff8214e6cc>] kmalloc include/linux/slab.h:581 [inline]\n [<ffffffff8214e6cc>] kzalloc include/linux/slab.h:714 [inline]\n [<ffffffff8214e6cc>] keyctl_watch_key+0xec/0x2e0 security/keys/keyctl.c:1800\n [<ffffffff8214ec84>] __do_sys_keyctl+0x3c4/0x490 security/keys/keyctl.c:2016\n [<ffffffff84493a25>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n [<ffffffff84493a25>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae"}], "id": "CVE-2022-49256", "lastModified": "2025-02-26T07:01:02.497", "metrics": {}, "published": "2025-02-26T07:01:02.497", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/31824613a42aacdcbeb325bf07a1c8247a11ebe2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3d8dcf278b1ee1eff1e90be848fa2237db4c07a7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7e8c9b0df07a77f0d072603b8ced2677e30e1893"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9d92be1a09fbb3dd65600dbfe7eedb40e7228e4b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f69aecb49968e14196366bbe896eab0a904229f5"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"affected_release": [{"advisory": "RHSA-2023:6583", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-362.8.1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}, {"advisory": "RHSA-2023:6583", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-362.8.1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}], "bugzilla": {"description": "kernel: watch_queue: Actually free the watch", "id": "2347705", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347705"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-772", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nwatch_queue: Actually free the watch\nfree_watch() does everything barring actually freeing the watch object. Fix\nthis by adding the missing kfree.\nkmemleak produces a report something like the following. Note that as an\naddress can be seen in the first word, the watch would appear to have gone\nthrough call_rcu().\nBUG: memory leak\nunreferenced object 0xffff88810ce4a200 (size 96):\ncomm \"syz-executor352\", pid 3605, jiffies 4294947473 (age 13.720s)\nhex dump (first 32 bytes):\ne0 82 48 0d 81 88 ff ff 00 00 00 00 00 00 00 00 ..H.............\n80 a2 e4 0c 81 88 ff ff 00 00 00 00 00 00 00 00 ................\nbacktrace:\n[<ffffffff8214e6cc>] kmalloc include/linux/slab.h:581 [inline]\n[<ffffffff8214e6cc>] kzalloc include/linux/slab.h:714 [inline]\n[<ffffffff8214e6cc>] keyctl_watch_key+0xec/0x2e0 security/keys/keyctl.c:1800\n[<ffffffff8214ec84>] __do_sys_keyctl+0x3c4/0x490 security/keys/keyctl.c:2016\n[<ffffffff84493a25>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n[<ffffffff84493a25>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n[<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae"], "name": "CVE-2022-49256", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49256\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49256\nhttps://lore.kernel.org/linux-cve-announce/2025022627-CVE-2022-49256-042d@gregkh/T"], "threat_severity": "Moderate"}