CVE-2022-50748 — Missing Release of Resource after Effective Lifetime in Linux

CWE-772 — Missing Release of Resource after Effective Lifetime7 documents6 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 93.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: ipc: mqueue: fix possible memory leak in init_mqueue_fs() commit db7cfc380900 ("ipc: Free mq_sysctls if ipc namespace creation failed") Here's a similar memory leak to the one fixed by the patch above. retire_mq_sysctls need to be called when init_mqueue_fs fails after setup_mq_sysctls.

Affected Packages4 packages

▶Linuxlinux/linux_kernel5.19.0 — 5.19.17+1

▶Debianlinux/linux_kernel< 6.0.3-1+2

▶CVEListV5linux/linuxdc55e35f9e810f23dd69cfdc91a3d636023f57a2 — a1f321051e0dcf2415fb94f81fdc5044cad4c1d6+3

▶debiandebian/linux< linux 6.0.3-1 (bookworm)

🔴Vulnerability Details

OSV

ipc: mqueue: fix possible memory leak in init_mqueue_fs()↗2025-12-24

▶

GHSA

GHSA-28q7-rjgm-6w8f: In the Linux kernel, the following vulnerability has been resolved: ipc: mqueue: fix possible memory leak in init_mqueue_fs() commit db7cfc380900 ("↗2025-12-24

▶

OSV

CVE-2022-50748: In the Linux kernel, the following vulnerability has been resolved: ipc: mqueue: fix possible memory leak in init_mqueue_fs() commit db7cfc380900 ("ip↗2025-12-24

▶

📋Vendor Advisories

Red Hat

kernel: Kernel: Denial of Service via memory leak in mqueue component↗2025-12-24

▶

Debian

CVE-2022-50748: linux - In the Linux kernel, the following vulnerability has been resolved: ipc: mqueue...↗2022

▶

🕵️Threat Intelligence

Wiz

CVE-2022-50748 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶