CVE-2022-49803 in Linuxinfo

Summary

by MITRE • 05/01/2025

In the Linux kernel, the following vulnerability has been resolved:

netdevsim: Fix memory leak of nsim_dev->fa_cookie

kmemleak reports this issue:

unreferenced object 0xffff8881bac872d0 (size 8): comm "sh", pid 58603, jiffies 4481524462 (age 68.065s) hex dump (first 8 bytes): 04 00 00 00 de ad be ef ........ backtrace: [<00000000c80b8577>] __kmalloc+0x49/0x150
[<000000005292b8c6>] nsim_dev_trap_fa_cookie_write+0xc1/0x210 [netdevsim]
[<0000000093d78e77>] full_proxy_write+0xf3/0x180
[<000000005a662c16>] vfs_write+0x1c5/0xaf0
[<000000007aabf84a>] ksys_write+0xed/0x1c0
[<000000005f1d2e47>] do_syscall_64+0x3b/0x90
[<000000006001c6ec>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

The issue occurs in the following scenarios:

nsim_dev_trap_fa_cookie_write() kmalloc() fa_cookie nsim_dev->fa_cookie = fa_cookie .. nsim_drv_remove()

The fa_cookie allocked in nsim_dev_trap_fa_cookie_write() is not freed. To fix, add kfree(nsim_dev->fa_cookie) to nsim_drv_remove().

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 11/07/2025

The vulnerability identified as CVE-2022-49803 represents a memory leak within the Linux kernel's netdevsim network simulation driver module. This issue manifests as a kmemleak detection report indicating an unreferenced object of 8 bytes that remains allocated in kernel memory. The leaked memory segment originates from a specific code path involving the nsim_dev_trap_fa_cookie_write function, which allocates memory using kmalloc but fails to properly release it during device removal. The backtrace analysis reveals that the allocation occurs during a write operation to a full proxy interface, with the kernel process "sh" (pid 58603) being the culprit in this particular instance. The memory leak is directly tied to the device driver's lifecycle management, where allocated resources are not properly cleaned up during device removal operations.

The technical flaw resides in the improper resource management within the netdevsim driver's device removal handler. During normal operation, the nsim_dev_trap_fa_cookie_write function allocates memory for a fa_cookie structure using kmalloc and assigns it to the nsim_dev->fa_cookie field. However, when the device is removed through the nsim_drv_remove function, this allocated memory is never freed through a corresponding kfree call. This memory management oversight creates a persistent memory leak that accumulates over time, particularly in systems where the netdevsim driver is frequently loaded and unloaded. The vulnerability demonstrates a classic case of resource leak where kernel memory allocation occurs without proper deallocation, violating fundamental memory management principles and potentially leading to system performance degradation or memory exhaustion under sustained load conditions.

The operational impact of this memory leak extends beyond simple resource waste, as it can contribute to system instability and performance degradation in environments where the netdevsim driver is actively used. The vulnerability affects systems running Linux kernels that include the netdevsim module, particularly those utilizing network simulation capabilities for testing or development purposes. The memory leak compounds over time, as each device removal operation leaves behind unreferenced memory that cannot be reclaimed by the kernel's memory management subsystem. This issue is particularly concerning in long-running systems or those with frequent driver reload operations, where the accumulation of leaked memory segments can eventually impact overall system performance. The vulnerability also represents a potential security concern, as excessive memory consumption can make systems more susceptible to denial of service attacks or other resource exhaustion scenarios.

The mitigation strategy for CVE-2022-49803 involves implementing a straightforward but critical code fix within the netdevsim driver's device removal handler. The solution requires adding a kfree(nsim_dev->fa_cookie) call within the nsim_drv_remove function to ensure proper memory deallocation when devices are removed. This fix directly addresses the root cause by establishing proper resource cleanup during the driver's lifecycle. The implementation follows standard kernel programming practices and aligns with the CWE-401 category for memory leaks, which is classified under weak memory management practices. This vulnerability also maps to ATT&CK technique T1490, which involves resource exhaustion attacks, as the memory leak can contribute to system resource depletion. System administrators should apply the kernel patch that includes this fix as soon as possible, particularly in production environments where the netdevsim driver is deployed. The fix is minimal and low-risk, as it only adds a single memory deallocation statement without altering the driver's core functionality or introducing new code paths.

Responsible

Linux

Reservation

05/01/2025

Disclosure

05/01/2025

Moderation

accepted

CPE

ready

EPSS

0.00165

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!