VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 24, 2025· Updated Apr 15, 2026

CVE-2022-50748

CVE-2022-50748

Description

In the Linux kernel, the following vulnerability has been resolved:

ipc: mqueue: fix possible memory leak in init_mqueue_fs()

commit db7cfc380900 ("ipc: Free mq_sysctls if ipc namespace creation failed")

Here's a similar memory leak to the one fixed by the patch above. retire_mq_sysctls need to be called when init_mqueue_fs fails after setup_mq_sysctls.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory leak in the Linux kernel's mqueue filesystem initialization when setup_mq_sysctls succeeds but later init steps fail.

Vulnerability

Description A memory leak occurs in the Linux kernel's init_mqueue_fs() function during filesystem initialization for POSIX message queues. The function calls setup_mq_sysctls() to allocate sysctl tables, but if a subsequent step fails, the allocated sysctl structures are not freed. This mirrors a previously fixed leak in the ipc namespace creation path [1].

Exploitation

Conditions No special privileges or network access are required for the bug to manifest—it triggers during kernel boot or module loading when the mqueue filesystem is initialized. An attacker would need the ability to cause the initialization to fail (e.g., by exhausting kernel memory), but the primary risk is a system-level memory leak that degrades availability over time.

Impact

The leak gradually consumes kernel memory, potentially leading to resource exhaustion and denial of service. Under sustained trigger conditions, the system may become unresponsive or crash. There is no data confidentiality or integrity impact.

Mitigation

The fix has been merged into the stable kernel tree [1]. Systems running kernels prior to the patch are vulnerable; updating to a patched version resolves the issue. No workarounds are documented.

References
  1. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

3
a1f321051e0d
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
55b3709c6d68
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
c579d60f0d0c
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3

News mentions

0

No linked articles in our index yet.