CVE-2022-50577
BaseFortify
Publication date: 2025-10-22
Last updated on: 2025-10-22
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory leak in the Linux kernel's Integrity Measurement Architecture (IMA) subsystem. Specifically, in the __ima_inode_hash() function, a memory allocation for ima_hash could occur even when the measurement collection function (ima_collect_measurement()) returns an error. This leads to allocated memory not being freed properly, causing a memory leak. The fix involves adding a call to free the allocated memory when an error occurs, except in the case of an out-of-memory error where the allocation should not have happened.
How can this vulnerability impact me? :
The memory leak caused by this vulnerability can lead to increased memory usage in the kernel over time, potentially degrading system performance or causing resource exhaustion. This could affect system stability and reliability, especially on systems with heavy file measurement or auditing activity.