{"id":"CVE-2022-49959","summary":"openvswitch: fix memory leak at failed datapath creation","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix memory leak at failed datapath creation\n\novs_dp_cmd_new()-\u003eovs_dp_change()-\u003eovs_dp_set_upcall_portids()\nallocates array via kmalloc.\nIf for some reason new_vport() fails during ovs_dp_cmd_new()\ndp-\u003eupcall_portids must be freed.\nAdd missing kfree.\n\nKmemleak example:\nunreferenced object 0xffff88800c382500 (size 64):\n  comm \"dump_state\", pid 323, jiffies 4294955418 (age 104.347s)\n  hex dump (first 32 bytes):\n    5e c2 79 e4 1f 7a 38 c7 09 21 38 0c 80 88 ff ff  ^.y..z8..!8.....\n    03 00 00 00 0a 00 00 00 14 00 00 00 28 00 00 00  ............(...\n  backtrace:\n    [\u003c0000000071bebc9f\u003e] ovs_dp_set_upcall_portids+0x38/0xa0\n    [\u003c000000000187d8bd\u003e] ovs_dp_change+0x63/0xe0\n    [\u003c000000002397e446\u003e] ovs_dp_cmd_new+0x1f0/0x380\n    [\u003c00000000aa06f36e\u003e] genl_family_rcv_msg_doit+0xea/0x150\n    [\u003c000000008f583bc4\u003e] genl_rcv_msg+0xdc/0x1e0\n    [\u003c00000000fa10e377\u003e] netlink_rcv_skb+0x50/0x100\n    [\u003c000000004959cece\u003e] genl_rcv+0x24/0x40\n    [\u003c000000004699ac7f\u003e] netlink_unicast+0x23e/0x360\n    [\u003c00000000c153573e\u003e] netlink_sendmsg+0x24e/0x4b0\n    [\u003c000000006f4aa380\u003e] sock_sendmsg+0x62/0x70\n    [\u003c00000000d0068654\u003e] ____sys_sendmsg+0x230/0x270\n    [\u003c0000000012dacf7d\u003e] ___sys_sendmsg+0x88/0xd0\n    [\u003c0000000011776020\u003e] __sys_sendmsg+0x59/0xa0\n    [\u003c000000002e8f2dc1\u003e] do_syscall_64+0x3b/0x90\n    [\u003c000000003243e7cb\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd","modified":"2026-04-02T08:28:05.755054Z","published":"2025-06-18T11:00:20.749Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49959.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/a87406f4adee9c53b311d8a1ba2849c69e29a6d0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c0c1c0241917459644326a1a3102207c871ae159"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ca54b2bfaab385778e55a9fd33f6c31e7f743b48"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49959.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49959"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"b83d23a2a38b1770da0491257ae81d52307f7816"},{"fixed":"ca54b2bfaab385778e55a9fd33f6c31e7f743b48"},{"fixed":"c0c1c0241917459644326a1a3102207c871ae159"},{"fixed":"a87406f4adee9c53b311d8a1ba2849c69e29a6d0"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49959.json"}}],"schema_version":"1.7.5"}