vulnerability

Debian: CVE-2022-49801: linux -- security update

Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published
May 1, 2025
Added
May 5, 2025
Modified
May 27, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix memory leak in tracing_read_pipe()

kmemleak reports this issue:

unreferenced object 0xffff888105a18900 (size 128):
comm "test_progs", pid 18933, jiffies 4336275356 (age 22801.766s)
hex dump (first 32 bytes):
25 73 00 90 81 88 ff ff 26 05 00 00 42 01 58 04 %s......&...B.X.
03 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[] __kmalloc_node_track_caller+0x4a/0x140
[] krealloc+0x8d/0xf0
[] trace_iter_expand_format+0x99/0x150
[] trace_check_vprintf+0x1e0/0x11d0
[] trace_event_printf+0xb6/0xf0
[] trace_raw_output_bpf_trace_printk+0x89/0xc0
[] print_trace_line+0x73c/0x1480
[] tracing_read_pipe+0x45c/0x9f0
[] vfs_read+0x17b/0x7c0
[] ksys_read+0xed/0x1c0
[] do_syscall_64+0x3b/0x90
[] entry_SYSCALL_64_after_hwframe+0x63/0xcd

iter->fmt alloced in
tracing_read_pipe() -> .. ->trace_iter_expand_format(), but not
freed, to fix, add free in tracing_release_pipe()

Solution(s)

debian-upgrade-linuxno-fix-debian-deb-package
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.