{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-49080","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-02-26T01:49:39.247Z","datePublished":"2025-02-26T01:54:41.176Z","dateUpdated":"2025-05-04T08:29:17.556Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:29:17.556Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mempolicy: fix mpol_new leak in shared_policy_replace\n\nIf mpol_new is allocated but not used in restart loop, mpol_new will be\nfreed via mpol_put before returning to the caller.  But refcnt is not\ninitialized yet, so mpol_put could not do the right things and might\nleak the unused mpol_new.  This would happen if mempolicy was updated on\nthe shared shmem file while the sp->lock has been dropped during the\nmemory allocation.\n\nThis issue could be triggered easily with the below code snippet if\nthere are many processes doing the below work at the same time:\n\n  shmid = shmget((key_t)5566, 1024 * PAGE_SIZE, 0666|IPC_CREAT);\n  shm = shmat(shmid, 0, 0);\n  loop many times {\n    mbind(shm, 1024 * PAGE_SIZE, MPOL_LOCAL, mask, maxnode, 0);\n    mbind(shm + 128 * PAGE_SIZE, 128 * PAGE_SIZE, MPOL_DEFAULT, mask,\n          maxnode, 0);\n  }"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["mm/mempolicy.c"],"versions":[{"version":"42288fe366c4f1ce7522bc9f27d0bc2a81c55264","lessThan":"8510c2346d9e47a72b7f018a36ef0c39483e53d6","status":"affected","versionType":"git"},{"version":"42288fe366c4f1ce7522bc9f27d0bc2a81c55264","lessThan":"5e16dc5378abd749a836daa9ee4ab2c8d2668999","status":"affected","versionType":"git"},{"version":"42288fe366c4f1ce7522bc9f27d0bc2a81c55264","lessThan":"39a32f3c06f6d68a530bf9612afa19f50f12e93d","status":"affected","versionType":"git"},{"version":"42288fe366c4f1ce7522bc9f27d0bc2a81c55264","lessThan":"25f506273b6ae806fd46bfcb6fdaa5b9ec81a05b","status":"affected","versionType":"git"},{"version":"42288fe366c4f1ce7522bc9f27d0bc2a81c55264","lessThan":"f7e183b0a7136b6dc9c7b9b2a85a608a8feba894","status":"affected","versionType":"git"},{"version":"42288fe366c4f1ce7522bc9f27d0bc2a81c55264","lessThan":"198932a14aeb19a15cf19e51e151d023bc4cd648","status":"affected","versionType":"git"},{"version":"42288fe366c4f1ce7522bc9f27d0bc2a81c55264","lessThan":"6e00309ac716fa8225f0cbde2cd9c24f0e74ee21","status":"affected","versionType":"git"},{"version":"42288fe366c4f1ce7522bc9f27d0bc2a81c55264","lessThan":"fe39ac59dbbf893b73b24e3184161d0bd06d6651","status":"affected","versionType":"git"},{"version":"42288fe366c4f1ce7522bc9f27d0bc2a81c55264","lessThan":"4ad099559b00ac01c3726e5c95dc3108ef47d03e","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["mm/mempolicy.c"],"versions":[{"version":"3.8","status":"affected"},{"version":"0","lessThan":"3.8","status":"unaffected","versionType":"semver"},{"version":"4.9.311","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.276","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.238","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.189","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.111","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.34","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.16.20","lessThanOrEqual":"5.16.*","status":"unaffected","versionType":"semver"},{"version":"5.17.3","lessThanOrEqual":"5.17.*","status":"unaffected","versionType":"semver"},{"version":"5.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"4.9.311"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"4.14.276"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"4.19.238"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.4.189"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.10.111"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.15.34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.16.20"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.17.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.18"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/8510c2346d9e47a72b7f018a36ef0c39483e53d6"},{"url":"https://git.kernel.org/stable/c/5e16dc5378abd749a836daa9ee4ab2c8d2668999"},{"url":"https://git.kernel.org/stable/c/39a32f3c06f6d68a530bf9612afa19f50f12e93d"},{"url":"https://git.kernel.org/stable/c/25f506273b6ae806fd46bfcb6fdaa5b9ec81a05b"},{"url":"https://git.kernel.org/stable/c/f7e183b0a7136b6dc9c7b9b2a85a608a8feba894"},{"url":"https://git.kernel.org/stable/c/198932a14aeb19a15cf19e51e151d023bc4cd648"},{"url":"https://git.kernel.org/stable/c/6e00309ac716fa8225f0cbde2cd9c24f0e74ee21"},{"url":"https://git.kernel.org/stable/c/fe39ac59dbbf893b73b24e3184161d0bd06d6651"},{"url":"https://git.kernel.org/stable/c/4ad099559b00ac01c3726e5c95dc3108ef47d03e"}],"title":"mm/mempolicy: fix mpol_new leak in shared_policy_replace","x_generator":{"engine":"bippy-1.2.0"}}}}