{"id":"CVE-2022-49546","summary":"x86/kexec: fix memory leak of elf header buffer","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nx86/kexec: fix memory leak of elf header buffer\n\nThis is reported by kmemleak detector:\n\nunreferenced object 0xffffc900002a9000 (size 4096):\n  comm \"kexec\", pid 14950, jiffies 4295110793 (age 373.951s)\n  hex dump (first 32 bytes):\n    7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00  .ELF............\n    04 00 3e 00 01 00 00 00 00 00 00 00 00 00 00 00  ..\u003e.............\n  backtrace:\n    [\u003c0000000016a8ef9f\u003e] __vmalloc_node_range+0x101/0x170\n    [\u003c000000002b66b6c0\u003e] __vmalloc_node+0xb4/0x160\n    [\u003c00000000ad40107d\u003e] crash_prepare_elf64_headers+0x8e/0xcd0\n    [\u003c0000000019afff23\u003e] crash_load_segments+0x260/0x470\n    [\u003c0000000019ebe95c\u003e] bzImage64_load+0x814/0xad0\n    [\u003c0000000093e16b05\u003e] arch_kexec_kernel_image_load+0x1be/0x2a0\n    [\u003c000000009ef2fc88\u003e] kimage_file_alloc_init+0x2ec/0x5a0\n    [\u003c0000000038f5a97a\u003e] __do_sys_kexec_file_load+0x28d/0x530\n    [\u003c0000000087c19992\u003e] do_syscall_64+0x3b/0x90\n    [\u003c0000000066e063a4\u003e] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nIn crash_prepare_elf64_headers(), a buffer is allocated via vmalloc() to\nstore elf headers.  While it's not freed back to system correctly when\nkdump kernel is reloaded or unloaded.  Then memory leak is caused.  Fix it\nby introducing x86 specific function arch_kimage_file_post_load_cleanup(),\nand freeing the buffer there.\n\nAnd also remove the incorrect elf header buffer freeing code.  Before\ncalling arch specific kexec_file loading function, the image instance has\nbeen initialized.  So 'image-\u003eelf_headers' must be NULL.  It doesn't make\nsense to free the elf header buffer in the place.\n\nThree different people have reported three bugs about the memory leak on\nx86_64 inside Redhat.","modified":"2026-03-20T12:22:26.677372Z","published":"2025-02-26T02:13:58.867Z","related":["SUSE-SU-2025:1027-1","SUSE-SU-2025:1176-1","SUSE-SU-2025:1183-1","SUSE-SU-2025:1194-1","SUSE-SU-2025:1241-1","SUSE-SU-2025:1263-1","SUSE-SU-2025:1293-1","SUSE-SU-2026:0316-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49546.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/115ee42a4c2f26ba2b4ace2668a3f004621f6833"},{"type":"WEB","url":"https://git.kernel.org/stable/c/23cf39dccf7653650701a6f39b119e9116a27f1a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8765a423a87d74ef24ea02b43b2728fe4039f248"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b3e34a47f98974d0844444c5121aaff123004e57"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f675e3a9189d84a9324ab45b0cb19906c2bc8fcb"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49546.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49546"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"dd5f726076cc7639d9713b334c8c133f77c6757a"},{"fixed":"23cf39dccf7653650701a6f39b119e9116a27f1a"},{"fixed":"8765a423a87d74ef24ea02b43b2728fe4039f248"},{"fixed":"115ee42a4c2f26ba2b4ace2668a3f004621f6833"},{"fixed":"f675e3a9189d84a9324ab45b0cb19906c2bc8fcb"},{"fixed":"b3e34a47f98974d0844444c5121aaff123004e57"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49546.json"}}],"schema_version":"1.7.5"}