{"id":"CVE-2022-50577","summary":"ima: Fix memory leak in __ima_inode_hash()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nima: Fix memory leak in __ima_inode_hash()\n\nCommit f3cc6b25dcc5 (\"ima: always measure and audit files in policy\") lets\nmeasurement or audit happen even if the file digest cannot be calculated.\n\nAs a result, iint-\u003eima_hash could have been allocated despite\nima_collect_measurement() returning an error.\n\nSince ima_hash belongs to a temporary inode metadata structure, declared\nat the beginning of __ima_inode_hash(), just add a kfree() call if\nima_collect_measurement() returns an error different from -ENOMEM (in that\ncase, ima_hash should not have been allocated).","modified":"2026-04-02T08:28:38.512604Z","published":"2025-10-22T13:23:30.910Z","related":["SUSE-SU-2025:4149-1","SUSE-SU-2025:4320-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50577.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/8c1d6a050a0f16e0a9d32eaf53b965c77279c6f8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c4df8cb38f139ed9f4296868c0a6f15a26e8c491"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f375bcf69f58fd0744c9dfd1b6b891a27301d67b"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50577.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50577"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"280fe8367b0dc45b6ac5e04fad03e16e99540c0c"},{"fixed":"c4df8cb38f139ed9f4296868c0a6f15a26e8c491"},{"fixed":"f375bcf69f58fd0744c9dfd1b6b891a27301d67b"},{"fixed":"8c1d6a050a0f16e0a9d32eaf53b965c77279c6f8"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50577.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.18.0"},{"fixed":"6.0.18"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.1.0"},{"fixed":"6.1.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50577.json"}}],"schema_version":"1.7.5"}