PT-2025-18607 · Linux+4 · Linux Kernel+4

Published

2023-11-14

Updated

2025-07-10

CVE-2022-49890

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory leak issue has been identified in the Linux kernel, specifically in the capabilities module. The problem occurs when the vfs getxattr alloc() function fails to allocate memory for the tmpbuf variable, but the handler->get() function is not called, resulting in a memory leak. This issue arises in the cap inode getsecurity() function when it attempts to complete the memory allocation of tmpbuf using vfs getxattr alloc(). To fix this, the code will attempt to free the tmpbuf memory after vfs getxattr alloc() fails.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

CESA-2023_7077

CVE-2022-49890

RHSA-2023:7077

RHSA-2023_7077

SUSE-SU-2025:01918-1

SUSE-SU-2025:01966-1

SUSE-SU-2025:02173-1

SUSE-SU-2025:02262-1

SUSE-SU-2025:2173-1

SUSE-SU-2025_02173-1

SUSE-SU-2025_02262-1

Affected Products

Astra Linux

Centos

Linux Kernel

Red Hat

Suse

PT-2025-18607 · Linux+4 · Linux Kernel+4

CVE-2022-49890

Weakness Enumeration

Related Identifiers

Affected Products

References · 448