{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-50639", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-08T23:57:43.370Z", "datePublished": "2025-12-09T00:00:12.576Z", "dateUpdated": "2025-12-09T00:00:12.576Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-09T00:00:12.576Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio-wq: Fix memory leak in worker creation\n\nIf the CPU mask allocation for a node fails, then the memory allocated for\nthe 'io_wqe' struct of the current node doesn't get freed on the error\nhandling path, since it has not yet been added to the 'wqes' array.\n\nThis was spotted when fuzzing v6.1-rc1 with Syzkaller:\nBUG: memory leak\nunreferenced object 0xffff8880093d5000 (size 1024):\n comm \"syz-executor.2\", pid 7701, jiffies 4295048595 (age 13.900s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<00000000cb463369>] __kmem_cache_alloc_node+0x18e/0x720\n [<00000000147a3f9c>] kmalloc_node_trace+0x2a/0x130\n [<000000004e107011>] io_wq_create+0x7b9/0xdc0\n [<00000000c38b2018>] io_uring_alloc_task_context+0x31e/0x59d\n [<00000000867399da>] __io_uring_add_tctx_node.cold+0x19/0x1ba\n [<000000007e0e7a79>] io_uring_setup.cold+0x1b80/0x1dce\n [<00000000b545e9f6>] __x64_sys_io_uring_setup+0x5d/0x80\n [<000000008a8a7508>] do_syscall_64+0x5d/0x90\n [<000000004ac08bec>] entry_SYSCALL_64_after_hwframe+0x63/0xcd"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["io_uring/io-wq.c"], "versions": [{"version": "0e03496d1967abf1ebb151a24318c07d07f41f7f", "lessThan": "b6e2c54be37d5eb4f6666e6aa59cd0581c7ffc3c", "status": "affected", "versionType": "git"}, {"version": "0e03496d1967abf1ebb151a24318c07d07f41f7f", "lessThan": "ed981911a7c90a604f4a2bee908ab07e3b786aca", "status": "affected", "versionType": "git"}, {"version": "0e03496d1967abf1ebb151a24318c07d07f41f7f", "lessThan": "996d3efeb091c503afd3ee6b5e20eabf446fd955", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["io_uring/io-wq.c"], "versions": [{"version": "5.14", "status": "affected"}, {"version": "0", "lessThan": "5.14", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.75", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.4", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "5.15.75"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.0.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b6e2c54be37d5eb4f6666e6aa59cd0581c7ffc3c"}, {"url": "https://git.kernel.org/stable/c/ed981911a7c90a604f4a2bee908ab07e3b786aca"}, {"url": "https://git.kernel.org/stable/c/996d3efeb091c503afd3ee6b5e20eabf446fd955"}], "title": "io-wq: Fix memory leak in worker creation", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio-wq: Fix memory leak in worker creation\n\nIf the CPU mask allocation for a node fails, then the memory allocated for\nthe 'io_wqe' struct of the current node doesn't get freed on the error\nhandling path, since it has not yet been added to the 'wqes' array.\n\nThis was spotted when fuzzing v6.1-rc1 with Syzkaller:\nBUG: memory leak\nunreferenced object 0xffff8880093d5000 (size 1024):\n comm \"syz-executor.2\", pid 7701, jiffies 4295048595 (age 13.900s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<00000000cb463369>] __kmem_cache_alloc_node+0x18e/0x720\n [<00000000147a3f9c>] kmalloc_node_trace+0x2a/0x130\n [<000000004e107011>] io_wq_create+0x7b9/0xdc0\n [<00000000c38b2018>] io_uring_alloc_task_context+0x31e/0x59d\n [<00000000867399da>] __io_uring_add_tctx_node.cold+0x19/0x1ba\n [<000000007e0e7a79>] io_uring_setup.cold+0x1b80/0x1dce\n [<00000000b545e9f6>] __x64_sys_io_uring_setup+0x5d/0x80\n [<000000008a8a7508>] do_syscall_64+0x5d/0x90\n [<000000004ac08bec>] entry_SYSCALL_64_after_hwframe+0x63/0xcd"}], "id": "CVE-2022-50639", "lastModified": "2025-12-09T18:37:13.640", "metrics": {}, "published": "2025-12-09T01:16:46.280", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/996d3efeb091c503afd3ee6b5e20eabf446fd955"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b6e2c54be37d5eb4f6666e6aa59cd0581c7ffc3c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ed981911a7c90a604f4a2bee908ab07e3b786aca"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: io-wq: Fix memory leak in worker creation", "id": "2420295", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420295"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nio-wq: Fix memory leak in worker creation\nIf the CPU mask allocation for a node fails, then the memory allocated for\nthe 'io_wqe' struct of the current node doesn't get freed on the error\nhandling path, since it has not yet been added to the 'wqes' array.\nThis was spotted when fuzzing v6.1-rc1 with Syzkaller:\nBUG: memory leak\nunreferenced object 0xffff8880093d5000 (size 1024):\ncomm \"syz-executor.2\", pid 7701, jiffies 4295048595 (age 13.900s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\nbacktrace:\n[<00000000cb463369>] __kmem_cache_alloc_node+0x18e/0x720\n[<00000000147a3f9c>] kmalloc_node_trace+0x2a/0x130\n[<000000004e107011>] io_wq_create+0x7b9/0xdc0\n[<00000000c38b2018>] io_uring_alloc_task_context+0x31e/0x59d\n[<00000000867399da>] __io_uring_add_tctx_node.cold+0x19/0x1ba\n[<000000007e0e7a79>] io_uring_setup.cold+0x1b80/0x1dce\n[<00000000b545e9f6>] __x64_sys_io_uring_setup+0x5d/0x80\n[<000000008a8a7508>] do_syscall_64+0x5d/0x90\n[<000000004ac08bec>] entry_SYSCALL_64_after_hwframe+0x63/0xcd"], "name": "CVE-2022-50639", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-12-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-50639\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50639\nhttps://lore.kernel.org/linux-cve-announce/2025120935-CVE-2022-50639-789f@gregkh/T"], "threat_severity": "Low"}