CVE-2022-50577

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory leak exists within the ima inode hash() function due to a missing kfree() call when ima collect measurement() returns an error, excluding the case of -ENOMEM. The commit f3cc6b25dcc5, titled "ima: always measure and audit files in policy," allows measurement or audit to proceed even if the file digest calculation fails, potentially leading to the allocation of iint->ima hash despite an error from ima collect measurement(). This allocated memory, belonging to a temporary inode metadata structure, is not freed under certain error conditions, resulting in a memory leak.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.