VYPR
Unrated severity · NVD Advisory · Published Dec 9, 2025 · Updated Apr 15, 2026

CVE-2022-50631

Description

In the Linux kernel, the following vulnerability has been resolved:

RISC-V: kexec: Fix memory leak of fdt buffer

This is reported by kmemleak detector:

unreferenced object 0xff60000082864000 (size 9588):
  comm "kexec", pid 146, jiffies 4294900634 (age 64.788s)
  hex dump (first 32 bytes):
    d0 0d fe ed 00 00 12 ed 00 00 00 48 00 00 11 40  ...........H...@
    00 00 00 28 00 00 00 11 00 00 00 02 00 00 00 00  ...(............
  backtrace:
    [<00000000f95b17c4>] kmemleak_alloc+0x34/0x3e
    [<00000000b9ec8e3e>] kmalloc_order+0x9c/0xc4
    [<00000000a95cf02e>] kmalloc_order_trace+0x34/0xb6
    [<00000000f01e68b4>] __kmalloc+0x5c2/0x62a
    [<000000002bd497b2>] kvmalloc_node+0x66/0xd6
    [<00000000906542fa>] of_kexec_alloc_and_setup_fdt+0xa6/0x6ea
    [<00000000e1166bde>] elf_kexec_load+0x206/0x4ec
    [<0000000036548e09>] kexec_image_load_default+0x40/0x4c
    [<0000000079fbe1b4>] sys_kexec_file_load+0x1c4/0x322
    [<0000000040c62c03>] ret_from_syscall+0x0/0x2

In elf_kexec_load(), a buffer is allocated via kvmalloc() to store the fdt, but it is not freed back to the system when the kexec kernel is reloaded or unloaded, so a memory leak is caused. Fix it by introducing a RISC-V specific function, arch_kimage_file_post_load_cleanup(), and freeing the buffer there.
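
A triage check for the kmemleak record quoted above, added here as an example (it is not code from the kernel patch or from this advisory): it parses the record and flags unreferenced objects that were allocated under elf_kexec_load() and begin with the flattened-device-tree magic d0 0d fe ed, which identifies the leaked buffer as the fdt. The names parse_kmemleak and leaked_kexec_fdt are hypothetical; on a running system with kmemleak enabled the same text is read from /sys/kernel/debug/kmemleak.

```python
import re

# The kmemleak record quoted in the advisory, one field per line.
REPORT = """\
unreferenced object 0xff60000082864000 (size 9588):
  comm "kexec", pid 146, jiffies 4294900634 (age 64.788s)
  hex dump (first 32 bytes):
    d0 0d fe ed 00 00 12 ed 00 00 00 48 00 00 11 40  ...........H...@
    00 00 00 28 00 00 00 11 00 00 00 02 00 00 00 00  ...(............
  backtrace:
    [<00000000f95b17c4>] kmemleak_alloc+0x34/0x3e
    [<00000000b9ec8e3e>] kmalloc_order+0x9c/0xc4
    [<00000000a95cf02e>] kmalloc_order_trace+0x34/0xb6
    [<00000000f01e68b4>] __kmalloc+0x5c2/0x62a
    [<000000002bd497b2>] kvmalloc_node+0x66/0xd6
    [<00000000906542fa>] of_kexec_alloc_and_setup_fdt+0xa6/0x6ea
    [<00000000e1166bde>] elf_kexec_load+0x206/0x4ec
    [<0000000036548e09>] kexec_image_load_default+0x40/0x4c
    [<0000000079fbe1b4>] sys_kexec_file_load+0x1c4/0x322
    [<0000000040c62c03>] ret_from_syscall+0x0/0x2
"""
FDT_MAGIC = bytes.fromhex("d00dfeed")  # first four bytes of a flattened device tree

HEADER = re.compile(r"unreferenced object (0x[0-9a-f]+) \(size (\d+)\):")
HEXROW = re.compile(r"\s+((?:[0-9a-f]{2} )+) ")
FRAME = re.compile(r"\s+\[<[0-9a-f]+>\] (\w+)\+0x")

def parse_kmemleak(text):
    """Split kmemleak output into records: address, size, dump bytes, frames."""
    records = []
    for line in text.splitlines():
        if m := HEADER.match(line):
            records.append({"addr": m[1], "size": int(m[2]), "dump": b"", "frames": []})
        elif records and (m := HEXROW.match(line)):
            records[-1]["dump"] += bytes.fromhex(m[1])
        elif records and (m := FRAME.match(line)):
            records[-1]["frames"].append(m[1])
    return records

def leaked_kexec_fdt(records):
    """Records allocated on the kexec_file_load ELF path that hold an FDT blob."""
    return [r for r in records
            if "elf_kexec_load" in r["frames"] and r["dump"].startswith(FDT_MAGIC)]

if __name__ == "__main__":
    for r in leaked_kexec_fdt(parse_kmemleak(REPORT)):
        print(f'{r["addr"]}: {r["size"]}-byte fdt buffer leaked via {r["frames"][-2]}')
```

On a kernel that carries the fix, repeating the kexec load and unload and rescanning should leave this check with nothing to report.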

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory leak in the RISC-V kexec implementation occurs when the FDT buffer is not freed on reload or unload, leading to resource exhaustion.

Vulnerability

In the Linux kernel, a memory leak vulnerability exists in the RISC-V architecture's kexec implementation. When loading a kexec kernel, a buffer is allocated via kvmalloc() to store the Flattened Device Tree (FDT). This buffer is not freed when the kexec kernel is reloaded or unloaded, resulting in a gradual memory leak. The issue was reported by the kmemleak detector, which identified unreferenced objects persisting after kexec operations [1].

Exploitation

An attacker with the ability to trigger repeated kexec operations (e.g., via the kexec_file_load syscall) can exploit this vulnerability to exhaust system memory. No authentication is required if the attacker has local access to the system. The leak occurs each time a kexec kernel is loaded, as the FDT buffer from the previous load is not reclaimed [2].

Impact

Over time, repeated kexec operations can lead to memory exhaustion, potentially causing system instability or denial of service (DoS). This could prevent legitimate processes from allocating memory, or even crash the system.

Mitigation

The fix introduces a RISC-V specific function arch_kimage_file_post_load_cleanup() that properly frees the FDT buffer when a kexec kernel is reloaded or unloaded. The patch has been applied to the stable kernel branches [1][2]. Users should update to the latest stable kernel to remediate the issue.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

