PT-2025-8560 · Linux+5 · Linux Kernel+5

Jianglei Nie

Publicado

2025-02-26

Atualizado

2025-11-12

CVE-2022-49627

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A potential memory leak in the ima init crypto() function has been identified. When the allocation of the SHA1 tfm fails, IMA fails to initialize and exits without freeing the ima algo array, leading to a memory leak. The issue is resolved by adding a missing kfree() for ima algo array.

Recommendations For the affected Linux kernel versions, consider applying the patch that adds the missing kfree() for ima algo array to avoid the potential memory leak. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-401

Identificadores relacionados

ALSA-2025:20518

CVE-2022-49627

INFSA-2025_20518

OPENSUSE-SU-2025_1263-1

RHSA-2025:20518

RHSA-2025_20518

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1194-1

SUSE-SU-2025:1241-1

SUSE-SU-2025:1263-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

SUSE-SU-2025_1263-1

Produtos afetados

Almalinux

Astra Linux

Linux Kernel

Red Hat

Rocky Linux

Suse

PT-2025-8560 · Linux+5 · Linux Kernel+5

CVE-2022-49627

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 1569