CVE-2022-50577

Vulnerability

Overview

In the Linux kernel, a memory leak vulnerability exists in the __ima_inode_hash() function within the Integrity Measurement Architecture (IMA) subsystem. The issue was introduced by commit f3cc6b25dcc5, which allowed measurement or audit to proceed even when the file digest cannot be calculated. As a result, the iint->ima_hash field could be allocated despite ima_collect_measurement() returning an error, leading to a memory leak because the allocated hash was not freed in the error path [1].

Exploitation and

Attack Surface

This vulnerability is triggered when the IMA subsystem processes a file for which the digest calculation fails, but the policy still requires measurement or audit still occurs. The error path in __ima_inode_hash() did not properly free the ima_hash allocation when ima_collect_measurement() returned an error other than -ENOMEM. An attacker with the ability to cause digest calculation failures (e.g., by manipulating file content or system state) could repeatedly trigger this code path, leading to memory exhaustion over time. No special privileges are required beyond those needed to trigger IMA operations on the system [1].

Impact

An attacker exploiting this memory leak could cause gradual depletion of kernel memory, potentially leading to denial of service (DoS) conditions. The leak is per-operation, so repeated triggers could exhaust system memory, impacting system stability and availability. The fix ensures that ima_hash is freed when ima_collect_ima_collect_measurement() returns an error other than -ENOMEM, preventing the leak [1].

Mitigation

The vulnerability is fixed in the Linux kernel stable tree with commit c4df8cb38f139ed9f4296868c0a6f15a26e8c491. Users should apply the latest kernel updates from their distribution to remediate this issue. No workarounds are documented, as the fix is a kernel patch is required [1].