{"id":"CVE-2022-49878","summary":"bpf, verifier: Fix memory leak in array reallocation for stack state","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, verifier: Fix memory leak in array reallocation for stack state\n\nIf an error (NULL) is returned by krealloc(), callers of realloc_array()\nwere setting their allocation pointers to NULL, but on error krealloc()\ndoes not touch the original allocation. This would result in a memory\nresource leak. Instead, free the old allocation on the error handling\npath.\n\nThe memory leak information is as follows as also reported by Zhengchao:\n\n  unreferenced object 0xffff888019801800 (size 256):\n  comm \"bpf_repo\", pid 6490, jiffies 4294959200 (age 17.170s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [\u003c00000000b211474b\u003e] __kmalloc_node_track_caller+0x45/0xc0\n    [\u003c0000000086712a0b\u003e] krealloc+0x83/0xd0\n    [\u003c00000000139aab02\u003e] realloc_array+0x82/0xe2\n    [\u003c00000000b1ca41d1\u003e] grow_stack_state+0xfb/0x186\n    [\u003c00000000cd6f36d2\u003e] check_mem_access.cold+0x141/0x1341\n    [\u003c0000000081780455\u003e] do_check_common+0x5358/0xb350\n    [\u003c0000000015f6b091\u003e] bpf_check.cold+0xc3/0x29d\n    [\u003c000000002973c690\u003e] bpf_prog_load+0x13db/0x2240\n    [\u003c00000000028d1644\u003e] __sys_bpf+0x1605/0x4ce0\n    [\u003c00000000053f29bd\u003e] __x64_sys_bpf+0x75/0xb0\n    [\u003c0000000056fedaf5\u003e] do_syscall_64+0x35/0x80\n    [\u003c000000002bd58261\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd","modified":"2026-03-20T12:22:29.718438Z","published":"2025-05-01T14:10:26.389Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49878.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/06615967d4889b08b19ff3dda96e8b131282f73d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3e210891c4a4c2d858cd6f9f61d5809af251d4df"},{"type":"WEB","url":"https://git.kernel.org/stable/c/42378a9ca55347102bbf86708776061d8fe3ece2"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49878.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49878"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c69431aab67a912836e5831f03d99a819c14c9c3"},{"fixed":"06615967d4889b08b19ff3dda96e8b131282f73d"},{"fixed":"3e210891c4a4c2d858cd6f9f61d5809af251d4df"},{"fixed":"42378a9ca55347102bbf86708776061d8fe3ece2"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49878.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}