CVE-2022-50743: Missing Release of Resource after Effective Lifetime in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 93.24%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

erofs: Fix pcluster memleak when its block address is zero

syzkaller reported a memleak:
https://syzkaller.appspot.com/bug?id=62f37ff612f0021641eda5b17f056f1668aa9aed

unreferenced object 0xffff88811009c7f8 (size 136):
  ...
  backtrace:
    [] z_erofs_do_read_page+0x99b/0x1740
    [] z_erofs_readahead+0x24e/0x580
    [] read_pages+0x86/0x3d0
    ...

syzkaller constructed a case: in z_erofs_register_pcluster(), ztailpacking = false and map->m_pa

Affected Packages (4 packages)

Linux: linux/linux_kernel 5.17.0 6.0.16 (+1)
Debian: linux/linux_kernel < 6.1.4-1 (+2)
CVEListV5: linux/linux cecf864d3d76d50e3d9c58145e286a0b8c284e92 ac54c1f7b288d83b6ba1e320efff24ecc21309cd (+3)
debian: debian/linux < linux 6.1.4-1 (bookworm)

🔴 Vulnerability Details (3)

OSV
CVE-2022-50743: In the Linux kernel, the following vulnerability has been resolved: erofs: Fix pcluster memleak when its block address is zero syzkaller reported a me (2025-12-24)
OSV
erofs: Fix pcluster memleak when its block address is zero (2025-12-24)
GHSA
GHSA-x7fv-mvjx-m6c8: In the Linux kernel, the following vulnerability has been resolved: erofs: Fix pcluster memleak when its block address is zero syzkaller reported a (2025-12-24)

📋 Vendor Advisories (2)

Red Hat
kernel: Linux kernel: Denial of Service in erofs due to memory leak (2025-12-24)
Debian
CVE-2022-50743: linux - In the Linux kernel, the following vulnerability has been resolved: erofs: Fix ... (2022)

🕵️ Threat Intelligence (1)
Wiz
CVE-2022-50743 Impact, Exploitability, and Mitigation Steps | Wiz