CVE-2022-50779
Unknown Unknown - Not Provided
Memory Leak in Linux Kernel OrangeFS Module on Insert/Remove

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() When insert and remove the orangefs module, then debug_help_string will be leaked: unreferenced object 0xffff8881652ba000 (size 4096): comm "insmod", pid 1701, jiffies 4294893639 (age 13218.530s) hex dump (first 32 bytes): 43 6c 69 65 6e 74 20 44 65 62 75 67 20 4b 65 79 Client Debug Key 77 6f 72 64 73 20 61 72 65 20 75 6e 6b 6e 6f 77 words are unknow backtrace: [<0000000004e6f8e3>] kmalloc_trace+0x27/0xa0 [<0000000006f75d85>] orangefs_prepare_debugfs_help_string+0x5e/0x480 [orangefs] [<0000000091270a2a>] _sub_I_65535_1+0x57/0xf70 [crc_itu_t] [<000000004b1ee1a3>] do_one_initcall+0x87/0x2a0 [<000000001d0614ae>] do_init_module+0xdf/0x320 [<00000000efef068c>] load_module+0x2f98/0x3330 [<000000006533b44d>] __do_sys_finit_module+0x113/0x1b0 [<00000000a0da6f99>] do_syscall_64+0x35/0x80 [<000000007790b19b>] entry_SYSCALL_64_after_hwframe+0x46/0xb0 When remove the module, should always free debug_help_string. Should always free the allocated buffer when change the free_debug_help_string.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-05-07
AI Q&A
2025-12-24
EPSS Evaluated
2026-05-05
NVD
CVE-2022-50779
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
orangefs orangefs *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a memory leak in the Linux kernel's orangefs module. Specifically, when the orangefs module is inserted and removed, a debug_help_string buffer is allocated but not properly freed, causing a memory leak. The issue occurs in the function orangefs_prepare_debugfs_help_string(), where the allocated memory is not released upon module removal.


How can this vulnerability impact me? :

The impact of this vulnerability is a memory leak in the kernel when the orangefs module is inserted and removed. Over time, repeated insertions and removals could lead to increased memory usage and potentially degrade system performance or stability due to unreleased memory.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that the orangefs module is updated to a version where the fix for kmemleak in orangefs_prepare_debugfs_help_string() is applied. Avoid inserting and removing the orangefs module repeatedly until the fix is applied, as the debug_help_string buffer is leaked on module removal. Applying the patch or updating the kernel to a version including this fix will prevent the memory leak.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart