SB2025122659 - Memory leak in Linux kernel x86 xen

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2022-50761)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the xen_init_lock_cpu() and xen_uninit_lock_cpu() functions in arch/x86/xen/spinlock.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/07764d00c869a3390bd4f80412cc8b0e669e6c58
• https://git.kernel.org/stable/c/29198f667f4486f9e227e11faf1411fcf4c82a66
• https://git.kernel.org/stable/c/53ff99c76be611acea37d33133c9136969914865
• https://git.kernel.org/stable/c/70966d6b0f59f795b08a70adf5e4478348ecbfbb
• https://git.kernel.org/stable/c/70e7f308d7a8e915c7fbc0f1d959968eab8000cd
• https://git.kernel.org/stable/c/798fc3cf98ca07e448956f39295c5d686ab4b054
• https://git.kernel.org/stable/c/9278bdbb566656b3704704f8dd6cbc24a6fcc569
• https://git.kernel.org/stable/c/b44457b83a034efef58ffa5f3131d4615f1a9837
• https://git.kernel.org/stable/c/ca84ce153d887b1dc8b118029976cc9faf2a9b40
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.303
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.270
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.337
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.163
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.86
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.229
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.16
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.2
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2