CVE-2022-50667 — Missing Reference to Active Allocated Resource in Linux

CWE-771 — Missing Reference to Active Allocated Resource6 documents5 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 90.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 9

Description

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() If the copy of the description string from userspace fails, then the page for the instance descriptor doesn't get freed before returning -EFAULT, which leads to a memleak.

Affected Packages4 packages

▶Linuxlinux/linux_kernel5.15.0 — 5.15.75+2

▶Debianlinux/linux_kernel< 6.0.3-1+2

▶CVEListV5linux/linux7a7a933edd6c3a6d5d64e08093f2d564104cefcd — b47a37ad4a444d82f9caf153a79d090b79786ebb+4

▶debiandebian/linux< linux 6.0.3-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-m79x-vc6m-3cgv: In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() If the copy of the descri↗2025-12-09

▶

OSV

drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl()↗2025-12-09

▶

OSV

CVE-2022-50667: In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() If the copy of the descript↗2025-12-09

▶

📋Vendor Advisories

Red Hat

kernel: drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl()↗2025-12-09

▶

Debian

CVE-2022-50667: linux - In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx:...↗2022

▶