CVE-2022-50569

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the xfrm subsystem related to memory management. Specifically, if ipcomp alloc scratches() fails to allocate memory, the ipcomp scratches variable retains an obsolete address. Subsequently, when ipcomp free scratches() attempts to free the per-CPU scratches, it may attempt to free a non-existent virtual memory area, resulting in a warning message. This occurs because ipcomp scratches is not updated to NULL upon allocation failure. The issue is addressed by updating ipcomp scratches with NULL when the scratches are freed. The vulnerable functions involved are ipcomp alloc scratches() and ipcomp free scratches(). The variable ipcomp scratches holds the obsolete address. The function vfree() attempts to free the non-existent page.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.