CVE-2022-50639

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1-rc1

Description A memory leak exists in the Linux kernel related to worker creation within the io-wq subsystem. Specifically, if CPU mask allocation for a node fails, the memory allocated for the io wqe struct is not freed during error handling because it hasn't been added to the wqes array. This issue was identified through fuzzing with Syzkaller. The vulnerable code path involves the io wq create() function and can occur during the io uring setup() system call.

Recommendations Update to a version of the Linux kernel newer than 6.1-rc1.