CVE-2022-50065

virtio_net: fix memory leak inside XPD_TX with mergeable

Description

In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix memory leak inside XPD_TX with mergeable When we call xdp_convert_buff_to_frame() to get xdpf, if it returns NULL, we should check if xdp_page was allocated by xdp_linearize_page(). If it is newly allocated, it should be freed here alone. Just like any other "goto err_xdp".

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/faafa2a87f697ee537c29446097e1cc3143506fa
https://git.kernel.org/stable/c/d3723eab11196475ef83279571b2b0bd0924cf82
https://git.kernel.org/stable/c/18e383afbd7047af7b055df6e25436e0ce28f8a5
https://git.kernel.org/stable/c/7a542bee27c6a57e45c33cbbdc963325fd6493af

Frequently Asked Questions

What is the severity of CVE-2022-50065?
CVE-2022-50065 has not yet been assigned a CVSS score.
How to fix CVE-2022-50065?
To fix CVE-2022-50065, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-50065 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-50065 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-50065?
CVE-2022-50065 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.