{"id":"CVE-2022-49890","summary":"capabilities: fix potential memleak on error path from vfs_getxattr_alloc()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ncapabilities: fix potential memleak on error path from vfs_getxattr_alloc()\n\nIn cap_inode_getsecurity(), we will use vfs_getxattr_alloc() to\ncomplete the memory allocation of tmpbuf, if we have completed\nthe memory allocation of tmpbuf, but failed to call handler-\u003eget(...),\nthere will be a memleak in below logic:\n\n  |-- ret = (int)vfs_getxattr_alloc(mnt_userns, ...)\n    |           /* ^^^ alloc for tmpbuf */\n    |-- value = krealloc(*xattr_value, error + 1, flags)\n    |           /* ^^^ alloc memory */\n    |-- error = handler-\u003eget(handler, ...)\n    |           /* error! */\n    |-- *xattr_value = value\n    |           /* xattr_value is &tmpbuf (memory leak!) */\n\nSo we will try to free(tmpbuf) after vfs_getxattr_alloc() fails to fix it.\n\n[PM: subject line and backtrace tweaks]","modified":"2026-04-03T13:14:27.406601025Z","published":"2025-05-01T14:10:34.481Z","related":["SUSE-SU-2025:01918-1","SUSE-SU-2025:01966-1","SUSE-SU-2025:02173-1","SUSE-SU-2025:02262-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49890.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0c3e6288da650d1ec911a259c77bc2d88e498603"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2de8eec8afb75792440b8900a01d52b8f6742fd1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6bb00eb21c0fbf18e5d3538c9ff0cf63fd0ace85"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7480aeff0093d8c54377553ec6b31110bea37b4d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8cf0a1bc12870d148ae830a4ba88cfdf0e879cee"},{"type":"WEB","url":"https://git.kernel.org/stable/c/90577bcc01c4188416a47269f8433f70502abe98"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cdf01c807e974048c43c7fd3ca574f6086a57906"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49890.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49890"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8db6c34f1dbc8e06aa016a9b829b06902c3e1340"},{"fixed":"6bb00eb21c0fbf18e5d3538c9ff0cf63fd0ace85"},{"fixed":"90577bcc01c4188416a47269f8433f70502abe98"},{"fixed":"0c3e6288da650d1ec911a259c77bc2d88e498603"},{"fixed":"cdf01c807e974048c43c7fd3ca574f6086a57906"},{"fixed":"2de8eec8afb75792440b8900a01d52b8f6742fd1"},{"fixed":"7480aeff0093d8c54377553ec6b31110bea37b4d"},{"fixed":"8cf0a1bc12870d148ae830a4ba88cfdf0e879cee"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49890.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}