Executive Summary

Informations
Name CVE-2022-49546 First vendor Publication 2025-02-26
Vendor Cve Last vendor Modification 2025-04-10

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 5.5
Base Score 5.5 Environmental Score 5.5
impact SubScore 3.6 Temporal Score 5.5
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

x86/kexec: fix memory leak of elf header buffer

This is reported by kmemleak detector:

unreferenced object 0xffffc900002a9000 (size 4096):
comm "kexec", pid 14950, jiffies 4295110793 (age 373.951s)
hex dump (first 32 bytes):
7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 .ELF............
04 00 3e 00 01 00 00 00 00 00 00 00 00 00 00 00 ..>.............
backtrace:
[<0000000016a8ef9f>] __vmalloc_node_range+0x101/0x170
[<000000002b66b6c0>] __vmalloc_node+0xb4/0x160
[<00000000ad40107d>] crash_prepare_elf64_headers+0x8e/0xcd0
[<0000000019afff23>] crash_load_segments+0x260/0x470
[<0000000019ebe95c>] bzImage64_load+0x814/0xad0
[<0000000093e16b05>] arch_kexec_kernel_image_load+0x1be/0x2a0
[<000000009ef2fc88>] kimage_file_alloc_init+0x2ec/0x5a0
[<0000000038f5a97a>] __do_sys_kexec_file_load+0x28d/0x530
[<0000000087c19992>] do_syscall_64+0x3b/0x90
[<0000000066e063a4>] entry_SYSCALL_64_after_hwframe+0x44/0xae

In crash_prepare_elf64_headers(), a buffer is allocated via vmalloc() to store elf headers. While it's not freed back to system correctly when kdump kernel is reloaded or unloaded. Then memory leak is caused. Fix it by introducing x86 specific function arch_kimage_file_post_load_cleanup(), and freeing the buffer there.

And also remove the incorrect elf header buffer freeing code. Before calling arch specific kexec_file loading function, the image instance has been initialized. So 'image->elf_headers' must be NULL. It doesn't make sense to free the elf header buffer in the place.

Three different people have reported three bugs about the memory leak on x86_64 inside Redhat.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49546

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory Leak')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8
Os 3538

Sources (Detail)

https://git.kernel.org/stable/c/115ee42a4c2f26ba2b4ace2668a3f004621f6833
https://git.kernel.org/stable/c/23cf39dccf7653650701a6f39b119e9116a27f1a
https://git.kernel.org/stable/c/8765a423a87d74ef24ea02b43b2728fe4039f248
https://git.kernel.org/stable/c/b3e34a47f98974d0844444c5121aaff123004e57
https://git.kernel.org/stable/c/f675e3a9189d84a9324ab45b0cb19906c2bc8fcb
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
Date Informations
2025-06-26 02:09:55
  • Multiple Updates
2025-06-25 12:22:46
  • Multiple Updates
2025-06-24 02:14:31
  • Multiple Updates
2025-05-27 02:11:17
  • Multiple Updates
2025-03-29 03:14:49
  • Multiple Updates
2025-03-28 13:35:09
  • Multiple Updates
2025-03-28 02:57:14
  • Multiple Updates
2025-03-19 00:20:56
  • Multiple Updates
2025-03-18 00:20:59
  • Multiple Updates
2025-03-14 00:21:27
  • Multiple Updates
2025-03-13 21:21:20
  • Multiple Updates
2025-03-11 00:21:27
  • Multiple Updates
2025-02-26 17:20:30
  • First insertion