CVE-2022-50761 — Missing Release of Resource after Effective Lifetime in Linux

CWE-772 — Missing Release of Resource after Effective Lifetime7 documents6 sources

Severity

5.5MEDIUM

No vector

EPSS

0.1%

top 79.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: x86/xen: Fix memory leak in xen_init_lock_cpu() In xen_init_lock_cpu(), the @name has allocated new string by kasprintf(), if bind_ipi_to_irqhandler() fails, it should be freed, otherwise may lead to a memory leak issue, fix it.

Affected Packages4 packages

▶Linuxlinux/linux_kernel2.6.27 — 4.9.337+7

▶Debianlinux/linux_kernel< 5.10.178-1+3

▶CVEListV5linux/linux2d9e1e2f58b5612aa4eab0ab54c84308a29dbd79 — 9278bdbb566656b3704704f8dd6cbc24a6fcc569+9

▶debiandebian/linux< linux 6.1.4-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-9498-f72m-xmv4: In the Linux kernel, the following vulnerability has been resolved: x86/xen: Fix memory leak in xen_init_lock_cpu() In xen_init_lock_cpu(), the @nam↗2025-12-24

▶

OSV

CVE-2022-50761: In the Linux kernel, the following vulnerability has been resolved: x86/xen: Fix memory leak in xen_init_lock_cpu() In xen_init_lock_cpu(), the @name↗2025-12-24

▶

OSV

x86/xen: Fix memory leak in xen_init_lock_cpu()↗2025-12-24

▶

📋Vendor Advisories

Red Hat

kernel: Linux kernel (x86/xen): Memory leak in CPU lock initialization leading to denial of service.↗2025-12-24

▶

Debian

CVE-2022-50761: linux - In the Linux kernel, the following vulnerability has been resolved: x86/xen: Fi...↗2022

▶

🕵️Threat Intelligence

Wiz

CVE-2022-50761 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶