Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2022-49546

Disclosure Date: February 26, 2025 •

CVE-2022-49546

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

x86/kexec: fix memory leak of elf header buffer

This is reported by kmemleak detector:

unreferenced object 0xffffc900002a9000 (size 4096):
comm “kexec”, pid 14950, jiffies 4295110793 (age 373.951s)
hex dump (first 32 bytes):

7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00  .ELF............
04 00 3e 00 01 00 00 00 00 00 00 00 00 00 00 00  ..>.............

backtrace:

[<0000000016a8ef9f>] __vmalloc_node_range+0x101/0x170
[<000000002b66b6c0>] __vmalloc_node+0xb4/0x160
[<00000000ad40107d>] crash_prepare_elf64_headers+0x8e/0xcd0
[<0000000019afff23>] crash_load_segments+0x260/0x470
[<0000000019ebe95c>] bzImage64_load+0x814/0xad0
[<0000000093e16b05>] arch_kexec_kernel_image_load+0x1be/0x2a0
[<000000009ef2fc88>] kimage_file_alloc_init+0x2ec/0x5a0
[<0000000038f5a97a>] __do_sys_kexec_file_load+0x28d/0x530
[<0000000087c19992>] do_syscall_64+0x3b/0x90
[<0000000066e063a4>] entry_SYSCALL_64_after_hwframe+0x44/0xae

In crash_prepare_elf64_headers(), a buffer is allocated via vmalloc() to
store elf headers. While it’s not freed back to system correctly when
kdump kernel is reloaded or unloaded. Then memory leak is caused. Fix it
by introducing x86 specific function arch_kimage_file_post_load_cleanup(),
and freeing the buffer there.

And also remove the incorrect elf header buffer freeing code. Before
calling arch specific kexec_file loading function, the image instance has
been initialized. So ‘image->elf_headers’ must be NULL. It doesn’t make
sense to free the elf header buffer in the place.

Three different people have reported three bugs about the memory leak on
x86_64 inside Redhat.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

Linux

Products

Linux

References

Canonical

CVE-2022-49546 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49546)

Miscellaneous

https://git.kernel.org/stable/c/8765a423a87d74ef24ea02b43b2728fe4039f248

https://git.kernel.org/stable/c/115ee42a4c2f26ba2b4ace2668a3f004621f6833

https://git.kernel.org/stable/c/f675e3a9189d84a9324ab45b0cb19906c2bc8fcb

https://git.kernel.org/stable/c/b3e34a47f98974d0844444c5121aaff123004e57

Rapid7

Unknown

CVE-2022-49546

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2022-49546

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2022-49546

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2022-49546

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification