CVE Tools

CVE-2022-50466

fs/binfmt_elf: Fix memory leak in load_elf_binary()

Published: Oct 1, 2025Updated: Jan 16, 2026 Sources: CVE List NVD BDUCWE-401

No Known Exploits

Patch Available

Description

In the Linux kernel, the following vulnerability has been resolved: fs/binfmt_elf: Fix memory leak in load_elf_binary() There is a memory leak reported by kmemleak: unreferenced object 0xffff88817104ef80 (size 224): comm "xfs_admin", pid 47165, jiffies 4298708825 (age 1333.476s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 60 a8 b3 00 81 88 ff ff a8 10 5a 00 81 88 ff ff `.........Z..... backtrace: [<ffffffff819171e1>] __alloc_file+0x21/0x250 [<ffffffff81918061>] alloc_empty_file+0x41/0xf0 [<ffffffff81948cda>] path_openat+0xea/0x3d30 [<ffffffff8194ec89>] do_filp_open+0x1b9/0x290 [<ffffffff8192660e>] do_open_execat+0xce/0x5b0 [<ffffffff81926b17>] open_exec+0x27/0x50 [<ffffffff81a69250>] load_elf_binary+0x510/0x3ed0 [<ffffffff81927759>] bprm_execve+0x599/0x1240 [<ffffffff8192a997>] do_execveat_common.isra.0+0x4c7/0x680 [<ffffffff8192b078>] __x64_sys_execve+0x88/0xb0 [<ffffffff83bbf0a5>] do_syscall_64+0x35/0x80 If "interp_elf_ex" fails to allocate memory in load_elf_binary(), the program will take the "out_free_ph" error handing path, resulting in "interpreter" file resource is not released. Fix it by adding an error handing path "out_free_file", which will release the file resource when "interp_elf_ex" failed to allocate memory.

CVSS Vector Breakdown

Exploitability

AV:LAttack Vector

Local

AC:LAttack Complexity

Low

PR:LPrivileges Required

Low

UI:NUser Interaction

None

Scope

S:UScope

Unchanged

Impact

C:NConfidentiality

None

I:NIntegrity

None

A:HAvailability

High

Open in CVSS calculator →

Weaknesses

Affected Products

linux kernel linux

On-premOS

Operating Systems

On-premOS

Operating Systems / linux-distro

Debian GNU/Linux Сообщество свободного программного обеспечения

On-premOS

Operating Systems / linux-distro

SUSE Linux Enterprise Server for SAP Applications Novell Inc.

On-premOS

Operating Systems / linux-distro

SUSE Linux Enterprise Micro Novell Inc.

On-premOS

Operating Systems / linux-distro

linuxoss-projectOperating Systemsaka the linux kernel

сообщество свободного программного обеспеченияoss-projectOperating Systemsaka сообщество свободного программного обеспечения, fsf

novell inc.commercialUSOperating Systems

and 3 more affected products View all →

Exploitability

Official Patch Available

References

https://git.kernel.org/stable/c/265b6fb780f57d10449a40e94219b28fa52479cc

https://git.kernel.org/stable/c/594d2a14f2168c09b13b114c3d457aa939403e52

https://git.kernel.org/stable/c/706215300411d48db6b51a5832b872632a84bbc1

and 8 more references View all →

Timeline

Published

Oct 1, 2025

Last Updated

Jan 16, 2026

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2022-50466 and every CVE in our database. Create a free account — no credit card required.

Create Free Account

Plain-language analysis

Impact assessment and exploitation scenario in plain English

Attack graph visualization

Interactive attack path and kill chain mapping

Exploit details & PoC links

ExploitDB, Metasploit, GitHub PoCs with direct links

Nuclei scanner templates

Ready-to-use vulnerability scanner templates

Full remediation guide

Patch instructions, workarounds, and compliance impact

Interactive AI chat

Ask questions about this vulnerability in natural language

Related vulnerabilities

Semantically similar CVEs and attack patterns

REST API & MCP access

Integrate vulnerability data into your workflows