CVE-2022-49546 in Linux情報

要約

〜によって MITRE • 2025年02月26日

In the Linux kernel, the following vulnerability has been resolved:

x86/kexec: fix memory leak of elf header buffer

This is reported by kmemleak detector:

unreferenced object 0xffffc900002a9000 (size 4096): comm "kexec", pid 14950, jiffies 4295110793 (age 373.951s) hex dump (first 32 bytes): 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 .ELF............ 04 00 3e 00 01 00 00 00 00 00 00 00 00 00 00 00 ..>............. backtrace: [] __vmalloc_node_range+0x101/0x170
[] __vmalloc_node+0xb4/0x160
[] crash_prepare_elf64_headers+0x8e/0xcd0
[] crash_load_segments+0x260/0x470
[] bzImage64_load+0x814/0xad0
[] arch_kexec_kernel_image_load+0x1be/0x2a0
[] kimage_file_alloc_init+0x2ec/0x5a0
[] __do_sys_kexec_file_load+0x28d/0x530
[] do_syscall_64+0x3b/0x90
[] entry_SYSCALL_64_after_hwframe+0x44/0xae

In crash_prepare_elf64_headers(), a buffer is allocated via vmalloc() to store elf headers. While it's not freed back to system correctly when kdump kernel is reloaded or unloaded. Then memory leak is caused. Fix it by introducing x86 specific function arch_kimage_file_post_load_cleanup(), and freeing the buffer there.

And also remove the incorrect elf header buffer freeing code. Before calling arch specific kexec_file loading function, the image instance has been initialized. So 'image->elf_headers' must be NULL. It doesn't make sense to free the elf header buffer in the place.

Three different people have reported three bugs about the memory leak on x86_64 inside Redhat.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

責任者

Linux

予約する

2025年02月26日

モデレーション

承諾済み

エントリ

VDB-297117

EPSS

0.00270

アクティビティ

非常低い

ソース

Want to know what is going to be exploited?

We predict KEV entries!