CVE-2022-49546: x86/kexec: fix memory leak of elf header buffer
First published: Wed Feb 26 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: x86/kexec: fix memory leak of elf header buffer This is reported by kmemleak detector: unreferenced object 0xffffc900002a9000 (size 4096): comm "kexec", pid 14950, jiffies 4295110793 (age 373.951s) hex dump (first 32 bytes): 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 .ELF............ 04 00 3e 00 01 00 00 00 00 00 00 00 00 00 00 00 ..>............. backtrace: [<0000000016a8ef9f>] __vmalloc_node_range+0x101/0x170 [<000000002b66b6c0>] __vmalloc_node+0xb4/0x160 [<00000000ad40107d>] crash_prepare_elf64_headers+0x8e/0xcd0 [<0000000019afff23>] crash_load_segments+0x260/0x470 [<0000000019ebe95c>] bzImage64_load+0x814/0xad0 [<0000000093e16b05>] arch_kexec_kernel_image_load+0x1be/0x2a0 [<000000009ef2fc88>] kimage_file_alloc_init+0x2ec/0x5a0 [<0000000038f5a97a>] __do_sys_kexec_file_load+0x28d/0x530 [<0000000087c19992>] do_syscall_64+0x3b/0x90 [<0000000066e063a4>] entry_SYSCALL_64_after_hwframe+0x44/0xae In crash_prepare_elf64_headers(), a buffer is allocated via vmalloc() to store elf headers. While it's not freed back to system correctly when kdump kernel is reloaded or unloaded. Then memory leak is caused. Fix it by introducing x86 specific function arch_kimage_file_post_load_cleanup(), and freeing the buffer there. And also remove the incorrect elf header buffer freeing code. Before calling arch specific kexec_file loading function, the image instance has been initialized. So 'image->elf_headers' must be NULL. It doesn't make sense to free the elf header buffer in the place. Three different people have reported three bugs about the memory leak on x86_64 inside Redhat.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| <5.15.46 | ||
| >=5.16<5.17.14 | ||
| >=5.18<5.18.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/115ee42a4c2f26ba2b4ace2668a3f004621f6833
- https://git.kernel.org/stable/c/8765a423a87d74ef24ea02b43b2728fe4039f248
- https://git.kernel.org/stable/c/b3e34a47f98974d0844444c5121aaff123004e57
- https://git.kernel.org/stable/c/f675e3a9189d84a9324ab45b0cb19906c2bc8fcb
- https://git.kernel.org/stable/c/23cf39dccf7653650701a6f39b119e9116a27f1a
Frequently Asked Questions
What is the severity of CVE-2022-49546?
CVE-2022-49546 has a high severity as it involves a memory leak in the Linux kernel.
How do I fix CVE-2022-49546?
To mitigate CVE-2022-49546, update the Linux kernel to a version that is not affected, ideally versions beyond 5.15.46.
What impacts does CVE-2022-49546 have on Linux systems?
CVE-2022-49546 could lead to memory exhaustion on systems running affected versions of the Linux kernel.
Which versions of the Linux kernel are affected by CVE-2022-49546?
CVE-2022-49546 affects Linux kernel versions up to 5.15.46 and versions between 5.16 and 5.17.14, as well as 5.18 to 5.18.3.
Who discovered CVE-2022-49546?
CVE-2022-49546 was reported through the kmemleak detector indicating memory management issues in the Linux kernel.
- agent/first-publish-date
- agent/type
- agent/title
- agent/references
- agent/author
- agent/source
- agent/description
- agent/weakness
- agent/remedy
- agent/severity
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/guess-ai
- agent/software-canonical-lookup-request
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.16
- version/linux kernel/5.18