{"id":"CVE-2022-49080","summary":"mm/mempolicy: fix mpol_new leak in shared_policy_replace","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mempolicy: fix mpol_new leak in shared_policy_replace\n\nIf mpol_new is allocated but not used in restart loop, mpol_new will be\nfreed via mpol_put before returning to the caller.  But refcnt is not\ninitialized yet, so mpol_put could not do the right things and might\nleak the unused mpol_new.  This would happen if mempolicy was updated on\nthe shared shmem file while the sp-\u003elock has been dropped during the\nmemory allocation.\n\nThis issue could be triggered easily with the below code snippet if\nthere are many processes doing the below work at the same time:\n\n  shmid = shmget((key_t)5566, 1024 * PAGE_SIZE, 0666|IPC_CREAT);\n  shm = shmat(shmid, 0, 0);\n  loop many times {\n    mbind(shm, 1024 * PAGE_SIZE, MPOL_LOCAL, mask, maxnode, 0);\n    mbind(shm + 128 * PAGE_SIZE, 128 * PAGE_SIZE, MPOL_DEFAULT, mask,\n          maxnode, 0);\n  }","modified":"2026-04-02T08:27:16.549955Z","published":"2025-02-26T01:54:41.176Z","related":["SUSE-SU-2025:01844-1","SUSE-SU-2025:01849-1","SUSE-SU-2025:01868-1","SUSE-SU-2025:01869-1","SUSE-SU-2025:01873-1","SUSE-SU-2025:01875-1","SUSE-SU-2025:01892-1","SUSE-SU-2025:01893-1","SUSE-SU-2025:01899-1","SUSE-SU-2025:01901-1","SUSE-SU-2025:01906-1","SUSE-SU-2025:01907-1","SUSE-SU-2025:01922-1","SUSE-SU-2025:01927-1","SUSE-SU-2025:01928-1","SUSE-SU-2025:01935-1","SUSE-SU-2025:01950-1","SUSE-SU-2025:01956-1","SUSE-SU-2025:0833-1","SUSE-SU-2025:0833-2","SUSE-SU-2025:0834-1","SUSE-SU-2025:0835-1","SUSE-SU-2025:0853-1","SUSE-SU-2025:0855-1","SUSE-SU-2025:0867-1","SUSE-SU-2025:0945-1","SUSE-SU-2025:4123-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49080.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/198932a14aeb19a15cf19e51e151d023bc4cd648"},{"type":"WEB","url":"https://git.kernel.org/stable/c/25f506273b6ae806fd46bfcb6fdaa5b9ec81a05b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/39a32f3c06f6d68a530bf9612afa19f50f12e93d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4ad099559b00ac01c3726e5c95dc3108ef47d03e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5e16dc5378abd749a836daa9ee4ab2c8d2668999"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6e00309ac716fa8225f0cbde2cd9c24f0e74ee21"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8510c2346d9e47a72b7f018a36ef0c39483e53d6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f7e183b0a7136b6dc9c7b9b2a85a608a8feba894"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fe39ac59dbbf893b73b24e3184161d0bd06d6651"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49080.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49080"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"42288fe366c4f1ce7522bc9f27d0bc2a81c55264"},{"fixed":"8510c2346d9e47a72b7f018a36ef0c39483e53d6"},{"fixed":"5e16dc5378abd749a836daa9ee4ab2c8d2668999"},{"fixed":"39a32f3c06f6d68a530bf9612afa19f50f12e93d"},{"fixed":"25f506273b6ae806fd46bfcb6fdaa5b9ec81a05b"},{"fixed":"f7e183b0a7136b6dc9c7b9b2a85a608a8feba894"},{"fixed":"198932a14aeb19a15cf19e51e151d023bc4cd648"},{"fixed":"6e00309ac716fa8225f0cbde2cd9c24f0e74ee21"},{"fixed":"fe39ac59dbbf893b73b24e3184161d0bd06d6651"},{"fixed":"4ad099559b00ac01c3726e5c95dc3108ef47d03e"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49080.json"}}],"schema_version":"1.7.5"}