CVE-2022-50495 — Missing Release of Resource after Effective Lifetime in Kernel

CWE-772 — Missing Release of Resource after Effective Lifetime3 documents3 sources

Severity

5.5MEDIUM

No vector

EPSS

No EPSS data

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel

Timeline

PublishedOct 4

Description

In the Linux kernel, the following vulnerability has been resolved: x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() These local variables @{resched|pmu|callfunc...}_name saves the new string allocated by kasprintf(), and when bind_{v}ipi_to_irqhandler() fails, it goes to the @fail tag, and calls xen_smp_intr_free{_pv}() to free resource, however the new string is not saved, which cause a memory leak issue. fix it.

Affected Packages1 packages

▶Debianlinux/linux_kernel< 5.10.178-1+3

🔴Vulnerability Details

GHSA

GHSA-5m26-pcqq-27h8: In the Linux kernel, the following vulnerability has been resolved: x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() These local variables @{res↗2025-10-04

▶

OSV

CVE-2022-50495: In the Linux kernel, the following vulnerability has been resolved: x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() These local variables @{resch↗2025-10-04

▶

📋Vendor Advisories

Red Hat

kernel: x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()↗2025-10-04

▶