CVE-2022-50707 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session() 'vc_ctrl_req' is alloced in virtio_crypto_alg_skcipher_close_session(), and should be freed in the invalid ctrl_status->status error handling case. Otherwise there is a memory leak.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0871df190fe6723464efe0f493d476411616f553
https://git.kernel.org/stable/c/67fb59ff1384e338679c0eb7a43c83ce8868c9fa
https://git.kernel.org/stable/c/79026a2d0a1b080257773d22a493f9bcab8c65be
https://git.kernel.org/stable/c/b1d65f717cd6305a396a8738e022c6f7c65cfbe8

History

Wed, 24 Dec 2025 11:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session() 'vc_ctrl_req' is alloced in virtio_crypto_alg_skcipher_close_session(), and should be freed in the invalid ctrl_status->status error handling case. Otherwise there is a memory leak.
Title		virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0871df190fe6723464efe0f493d476411616f553 https://git.kernel.org/stable/c/67fb59ff1384e338679c0eb7a43c83ce8868c9fa https://git.kernel.org/stable/c/79026a2d0a1b080257773d22a493f9bcab8c65be https://git.kernel.org/stable/c/b1d65f717cd6305a396a8738e022c6f7c65cfbe8

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-24T10:55:21.547Z

Updated: 2025-12-24T10:55:21.547Z

Reserved: 2025-12-24T10:53:15.518Z

Link: CVE-2022-50707

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-24T11:15:50.880

Modified: 2025-12-24T11:15:50.880

Link: CVE-2022-50707

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-50707", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-24T10:53:15.518Z", "datePublished": "2025-12-24T10:55:21.547Z", "dateUpdated": "2025-12-24T10:55:21.547Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-24T10:55:21.547Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session()\n\n'vc_ctrl_req' is alloced in virtio_crypto_alg_skcipher_close_session(),\nand should be freed in the invalid ctrl_status->status error handling\ncase. Otherwise there is a memory leak."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/crypto/virtio/virtio_crypto_skcipher_algs.c"], "versions": [{"version": "4ee475e76b5ea8061970a7c867ffa5eedeb39580", "lessThan": "79026a2d0a1b080257773d22a493f9bcab8c65be", "status": "affected", "versionType": "git"}, {"version": "0756ad15b1fef287d4d8fa11bc36ea77a5c42e4a", "lessThan": "67fb59ff1384e338679c0eb7a43c83ce8868c9fa", "status": "affected", "versionType": "git"}, {"version": "0756ad15b1fef287d4d8fa11bc36ea77a5c42e4a", "lessThan": "0871df190fe6723464efe0f493d476411616f553", "status": "affected", "versionType": "git"}, {"version": "0756ad15b1fef287d4d8fa11bc36ea77a5c42e4a", "lessThan": "b1d65f717cd6305a396a8738e022c6f7c65cfbe8", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/crypto/virtio/virtio_crypto_skcipher_algs.c"], "versions": [{"version": "5.19", "status": "affected"}, {"version": "0", "lessThan": "5.19", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.19", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.5", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.0.19"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.1.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/79026a2d0a1b080257773d22a493f9bcab8c65be"}, {"url": "https://git.kernel.org/stable/c/67fb59ff1384e338679c0eb7a43c83ce8868c9fa"}, {"url": "https://git.kernel.org/stable/c/0871df190fe6723464efe0f493d476411616f553"}, {"url": "https://git.kernel.org/stable/c/b1d65f717cd6305a396a8738e022c6f7c65cfbe8"}], "title": "virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session()", "x_generator": {"engine": "bippy-1.2.0"}}}}