{ "threat_severity" : "Low", "public_date" : "2025-12-24T00:00:00Z", "bugzilla" : { "description" : "kernel: Linux kernel: Denial of Service in erofs due to memory leak", "id" : "2425151", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2425151" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-772", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nerofs: Fix pcluster memleak when its block address is zero\nsyzkaller reported a memleak:\nhttps://syzkaller.appspot.com/bug?id=62f37ff612f0021641eda5b17f056f1668aa9aed\nunreferenced object 0xffff88811009c7f8 (size 136):\n...\nbacktrace:\n[] z_erofs_do_read_page+0x99b/0x1740\n[] z_erofs_readahead+0x24e/0x580\n[] read_pages+0x86/0x3d0\n...\nsyzkaller constructed a case: in z_erofs_register_pcluster(),\nztailpacking = false and map->m_pa = zero. This makes pcl->obj.index be\nzero although pcl is not a inline pcluster.\nThen following path adds refcount for grp, but the refcount won't be put\nbecause pcl is inline.\nz_erofs_readahead()\nz_erofs_do_read_page() # for another page\nz_erofs_collector_begin()\nerofs_find_workgroup()\nerofs_workgroup_get()\nSince it's illegal for the block address of a non-inlined pcluster to\nbe zero, add check here to avoid registering the pcluster which would\nbe leaked.", "A flaw was found in the Linux kernel's erofs filesystem. A local user can trigger a memory leak by exploiting a condition in the `z_erofs_register_pcluster()` function where a pcluster's block address is zero, leading to an unreleased reference count. This vulnerability can result in resource exhaustion, causing a Denial of Service (DoS) on the system." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-05-13T00:00:00Z", "advisory" : "RHSA-2025:6966", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-570.12.1.el9_6" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-05-13T00:00:00Z", "advisory" : "RHSA-2025:6966", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-570.12.1.el9_6" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50743\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50743\nhttps://lore.kernel.org/linux-cve-announce/2025122449-CVE-2022-50743-8e63@gregkh/T" ], "name" : "CVE-2022-50743", "csaw" : false }