CVE-2022-50269 - Vulnerability Details

- drm/vkms: Fix memory leak in vkms_init()

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/vkms: Fix memory leak in vkms_init()

A memory leak was reported after the vkms module install failed.

unreferenced object 0xffff88810bc28520 (size 16):
comm "modprobe", pid 9662, jiffies 4298009455 (age 42.590s)
hex dump (first 16 bytes):
01 01 00 64 81 88 ff ff 00 00 dc 0a 81 88 ff ff ...d............
backtrace:
[<00000000e7561ff8>] kmalloc_trace+0x27/0x60
[<000000000b1954a0>] 0xffffffffc45200a9
[<00000000abbf1da0>] do_one_initcall+0xd0/0x4f0
[<000000001505ee87>] do_init_module+0x1a4/0x680
[<00000000958079ad>] load_module+0x6249/0x7110
[<00000000117e4696>] __do_sys_finit_module+0x140/0x200
[<00000000f74b12d2>] do_syscall_64+0x35/0x80
[<000000008fc6fcde>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

The reason is that the vkms_init() returns without checking the return
value of vkms_create(), and if the vkms_create() failed, the config
allocated at the beginning of vkms_init() is leaked.

vkms_init()
config = kmalloc(...) # config allocated
...
return vkms_create() # vkms_create failed and config is leaked

Fix this problem by checking return value of vkms_create() and free the
config if error happened.

Published: 2025-09-15

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`2df7af93fdadb9ba8226fe443fae15ecdefda2a6`	affected	< bad13de764888b765ceaa4668893b52bd16653cc
`2df7af93fdadb9ba8226fe443fae15ecdefda2a6`	affected	< bebd60ec3bf21062f103e32e6203c6daabdbd51b
`2df7af93fdadb9ba8226fe443fae15ecdefda2a6`	affected	< 07ab77154d6fd2d67e465ab5ce30083709950f02
`2df7af93fdadb9ba8226fe443fae15ecdefda2a6`	affected	< 0d0b368b9d104b437e1f4850ae94bdb9a3601e89

Linux

affected

Version	Status	Constraints
`5.12`	affected	—
`0`	unaffected	< 5.12
`5.15.99`	unaffected	≤ 5.15.*
`6.1.16`	unaffected	≤ 6.1.*
`6.2.3`	unaffected	≤ 6.2.*
`6.3`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor	Product	Confidence	Versions
Linux	Linux Kernel	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2022-55586	In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix memory leak in vkms_init() A memory leak was reported after the vkms module install failed. unreferenced object 0xffff88810bc28520 (size 16): comm "modprobe", pid 9662, jiffies 4298009455 (age 42.590s) hex dump (first 16 bytes): 01 01 00 64 81 88 ff ff 00 00 dc 0a 81 88 ff ff ...d............ backtrace: [<00000000e7561ff8>] kmalloc_trace+0x27/0x60 [<000000000b1954a0>] 0xffffffffc45200a9 [<00000000abbf1da0>] do_one_initcall+0xd0/0x4f0 [<000000001505ee87>] do_init_module+0x1a4/0x680 [<00000000958079ad>] load_module+0x6249/0x7110 [<00000000117e4696>] __do_sys_finit_module+0x140/0x200 [<00000000f74b12d2>] do_syscall_64+0x35/0x80 [<000000008fc6fcde>] entry_SYSCALL_64_after_hwframe+0x46/0xb0 The reason is that the vkms_init() returns without checking the return value of vkms_create(), and if the vkms_create() failed, the config allocated at the beginning of vkms_init() is leaked. vkms_init() config = kmalloc(...) # config allocated ... return vkms_create() # vkms_create failed and config is leaked Fix this problem by checking return value of vkms_create() and free the config if error happened.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/07ab77154d6fd2d67e465ab5ce30083709950f02
https://git.kernel.org/stable/c/0d0b368b9d104b437e1f4850ae94bdb9a3601e89
https://git.kernel.org/stable/c/bad13de764888b765ceaa4668893b52bd16653cc
https://git.kernel.org/stable/c/bebd60ec3bf21062f103e32e6203c6daabdbd51b
https://lore.kernel.org/linux-cve-announce/2025091504-CVE-2022-50269-24d9@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-50269
https://www.cve.org/CVERecord?id=CVE-2022-50269

History

Wed, 03 Dec 2025 18:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-401
CPEs		cpe:2.3:o:linux:linux_kernel::::::::

Wed, 17 Sep 2025 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Vendors & Products		Linux Linux linux Kernel

Tue, 16 Sep 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025091504-CVE-2022-50269-24d9@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-50269 https://www.cve.org/CVERecord?id=CVE-2022-50269
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Mon, 15 Sep 2025 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix memory leak in vkms_init() A memory leak was reported after the vkms module install failed. unreferenced object 0xffff88810bc28520 (size 16): comm "modprobe", pid 9662, jiffies 4298009455 (age 42.590s) hex dump (first 16 bytes): 01 01 00 64 81 88 ff ff 00 00 dc 0a 81 88 ff ff ...d............ backtrace: [<00000000e7561ff8>] kmalloc_trace+0x27/0x60 [<000000000b1954a0>] 0xffffffffc45200a9 [<00000000abbf1da0>] do_one_initcall+0xd0/0x4f0 [<000000001505ee87>] do_init_module+0x1a4/0x680 [<00000000958079ad>] load_module+0x6249/0x7110 [<00000000117e4696>] __do_sys_finit_module+0x140/0x200 [<00000000f74b12d2>] do_syscall_64+0x35/0x80 [<000000008fc6fcde>] entry_SYSCALL_64_after_hwframe+0x46/0xb0 The reason is that the vkms_init() returns without checking the return value of vkms_create(), and if the vkms_create() failed, the config allocated at the beginning of vkms_init() is leaked. vkms_init() config = kmalloc(...) # config allocated ... return vkms_create() # vkms_create failed and config is leaked Fix this problem by checking return value of vkms_create() and free the config if error happened.
Title		drm/vkms: Fix memory leak in vkms_init()
References		https://git.kernel.org/stable/c/07ab77154d6fd2d67e465ab5ce30083709950f02 https://git.kernel.org/stable/c/0d0b368b9d104b437e1f4850ae94bdb9a3601e89 https://git.kernel.org/stable/c/bad13de764888b765ceaa4668893b52bd16653cc https://git.kernel.org/stable/c/bebd60ec3bf21062f103e32e6203c6daabdbd51b

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-09-15T14:21:05.485Z

Updated: 2026-05-11T19:16:03.635Z

Reserved: 2025-09-15T13:58:00.975Z

Link: CVE-2022-50269

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2025-09-15T15:15:37.707

Modified: 2025-12-03T18:17:11.063

Link: CVE-2022-50269

Redhat

Severity : Low

Publid Date: 2025-09-15T00:00:00Z

Links: CVE-2022-50269 - Bugzilla

OpenCVE Enrichment

Updated: 2025-09-17T10:08:26Z

Weaknesses

CWE-401

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object