Description

In the Linux kernel, the following vulnerability has been resolved: ima: Fix memory leak in __ima_inode_hash() Commit f3cc6b25dcc5 ("ima: always measure and audit files in policy") lets measurement or audit happen even if the file digest cannot be calculated. As a result, iint->ima_hash could have been allocated despite ima_collect_measurement() returning an error. Since ima_hash belongs to a temporary inode metadata structure, declared at the beginning of __ima_inode_hash(), just add a kfree() call if ima_collect_measurement() returns an error different from -ENOMEM (in that case, ima_hash should not have been allocated).

INFO

Published Date :

2025-10-22T13:23:30.910Z

Last Modified :

2025-10-22T13:23:30.910Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2022-50577 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-50577.

URL Resource
https://git.kernel.org/stable/c/8c1d6a050a0f16e0a9d32eaf53b965c77279c6f8 cve-icon cve-icon
https://git.kernel.org/stable/c/c4df8cb38f139ed9f4296868c0a6f15a26e8c491 cve-icon cve-icon
https://git.kernel.org/stable/c/f375bcf69f58fd0744c9dfd1b6b891a27301d67b cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025102209-CVE-2022-50577-ebe1@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-50577 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-50577 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact