CVE-2022-50372Missing Release of Memory after Effective Lifetime in Linux

CWE-401Missing Release of Memory after Effective LifetimeCWE-772Missing Release of Resource after Effective Lifetime5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 94.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedSep 17

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory leak when build ntlmssp negotiate blob failed There is a memory leak when mount cifs: unreferenced object 0xffff888166059600 (size 448): comm "mount.cifs", pid 51391, jiffies 4295596373 (age 330.596s) hex dump (first 32 bytes): fe 53 4d 42 40 00 00 00 00 00 00 00 01 00 82 00 .SMB@........... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] mempool_alloc+0xe1/0x260 [] cifs_small_bu

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel5.166.0.6+1
Debianlinux/linux_kernel< 6.0.6-1+2
CVEListV5linux/linux49bd49f983b5026e4557d31c5d737d9657c4113efa5a70bdd5e565c8696fb04dfe18a4e8aff4695d+2
debiandebian/linux< linux 6.0.6-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-5wx2-vv79-wfg8: In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory leak when build ntlmssp negotiate blob failed There is a memory2025-09-17
OSV
CVE-2022-50372: In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory leak when build ntlmssp negotiate blob failed There is a memory l2025-09-17

📋Vendor Advisories

2
Red Hat
kernel: cifs: Fix memory leak when build ntlmssp negotiate blob failed2025-09-17
Debian
CVE-2022-50372: linux - In the Linux kernel, the following vulnerability has been resolved: cifs: Fix m...2022
CVE-2022-50372 — Linux vulnerability | cvebase