{"id":"CVE-2022-49080","summary":"mm/mempolicy: fix mpol_new leak in shared_policy_replace","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mempolicy: fix mpol_new leak in shared_policy_replace\n\nIf mpol_new is allocated but not used in restart loop, mpol_new will be\nfreed via mpol_put before returning to the caller.  But refcnt is not\ninitialized yet, so mpol_put could not do the right things and might\nleak the unused mpol_new.  This would happen if mempolicy was updated on\nthe shared shmem file while the sp-\u003elock has been dropped during the\nmemory allocation.\n\nThis issue could be triggered easily with the below code snippet if\nthere are many processes doing the below work at the same time:\n\n  shmid = shmget((key_t)5566, 1024 * PAGE_SIZE, 0666|IPC_CREAT);\n  shm = shmat(shmid, 0, 0);\n  loop many times {\n    mbind(shm, 1024 * PAGE_SIZE, MPOL_LOCAL, mask, maxnode, 0);\n    mbind(shm + 128 * PAGE_SIZE, 128 * PAGE_SIZE, MPOL_DEFAULT, mask,\n          maxnode, 0);\n  }","modified":"2026-05-15T11:53:43.778826320Z","published":"2025-02-26T01:54:41.176Z","related":["SUSE-SU-2025:01844-1","SUSE-SU-2025:01849-1","SUSE-SU-2025:01868-1","SUSE-SU-2025:01869-1","SUSE-SU-2025:01873-1","SUSE-SU-2025:01875-1","SUSE-SU-2025:01892-1","SUSE-SU-2025:01893-1","SUSE-SU-2025:01899-1","SUSE-SU-2025:01901-1","SUSE-SU-2025:01906-1","SUSE-SU-2025:01907-1","SUSE-SU-2025:01922-1","SUSE-SU-2025:01927-1","SUSE-SU-2025:01928-1","SUSE-SU-2025:01935-1","SUSE-SU-2025:01950-1","SUSE-SU-2025:01956-1","SUSE-SU-2025:0833-1","SUSE-SU-2025:0833-2","SUSE-SU-2025:0834-1","SUSE-SU-2025:0835-1","SUSE-SU-2025:0853-1","SUSE-SU-2025:0855-1","SUSE-SU-2025:0867-1","SUSE-SU-2025:0945-1","SUSE-SU-2025:4123-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49080.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/198932a14aeb19a15cf19e51e151d023bc4cd648"},{"type":"WEB","url":"https://git.kernel.org/stable/c/25f506273b6ae806fd46bfcb6fdaa5b9ec81a05b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/39a32f3c06f6d68a530bf9612afa19f50f12e93d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4ad099559b00ac01c3726e5c95dc3108ef47d03e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5e16dc5378abd749a836daa9ee4ab2c8d2668999"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6e00309ac716fa8225f0cbde2cd9c24f0e74ee21"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8510c2346d9e47a72b7f018a36ef0c39483e53d6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f7e183b0a7136b6dc9c7b9b2a85a608a8feba894"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fe39ac59dbbf893b73b24e3184161d0bd06d6651"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49080.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49080"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.8.0"},{"fixed":"4.9.311"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.10.0"},{"fixed":"4.14.276"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.15.0"},{"fixed":"4.19.238"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.189"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.111"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.34"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"5.16.20"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.17.0"},{"fixed":"5.17.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49080.json"}}],"schema_version":"1.7.5"}