{"id":"CVE-2022-49256","summary":"watch_queue: Actually free the watch","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nwatch_queue: Actually free the watch\n\nfree_watch() does everything barring actually freeing the watch object.  Fix\nthis by adding the missing kfree.\n\nkmemleak produces a report something like the following.  Note that as an\naddress can be seen in the first word, the watch would appear to have gone\nthrough call_rcu().\n\nBUG: memory leak\nunreferenced object 0xffff88810ce4a200 (size 96):\n  comm \"syz-executor352\", pid 3605, jiffies 4294947473 (age 13.720s)\n  hex dump (first 32 bytes):\n    e0 82 48 0d 81 88 ff ff 00 00 00 00 00 00 00 00  ..H.............\n    80 a2 e4 0c 81 88 ff ff 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [\u003cffffffff8214e6cc\u003e] kmalloc include/linux/slab.h:581 [inline]\n    [\u003cffffffff8214e6cc\u003e] kzalloc include/linux/slab.h:714 [inline]\n    [\u003cffffffff8214e6cc\u003e] keyctl_watch_key+0xec/0x2e0 security/keys/keyctl.c:1800\n    [\u003cffffffff8214ec84\u003e] __do_sys_keyctl+0x3c4/0x490 security/keys/keyctl.c:2016\n    [\u003cffffffff84493a25\u003e] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n    [\u003cffffffff84493a25\u003e] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n    [\u003cffffffff84600068\u003e] entry_SYSCALL_64_after_hwframe+0x44/0xae","modified":"2026-05-15T11:53:32.704042730Z","published":"2025-02-26T01:56:10.599Z","related":["SUSE-SU-2025:1027-1","SUSE-SU-2025:1176-1","SUSE-SU-2025:1183-1","SUSE-SU-2025:1241-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49256.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/31824613a42aacdcbeb325bf07a1c8247a11ebe2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3d8dcf278b1ee1eff1e90be848fa2237db4c07a7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7e8c9b0df07a77f0d072603b8ced2677e30e1893"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9d92be1a09fbb3dd65600dbfe7eedb40e7228e4b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f69aecb49968e14196366bbe896eab0a904229f5"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49256.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49256"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.8.0"},{"fixed":"5.10.110"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.33"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"5.16.19"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.17.0"},{"fixed":"5.17.2"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49256.json"}}],"schema_version":"1.7.5"}