VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 24, 2025· Updated Apr 15, 2026

CVE-2022-50761

CVE-2022-50761

Description

In the Linux kernel, the following vulnerability has been resolved:

x86/xen: Fix memory leak in xen_init_lock_cpu()

In xen_init_lock_cpu(), the @name has allocated new string by kasprintf(), if bind_ipi_to_irqhandler() fails, it should be freed, otherwise may lead to a memory leak issue, fix it.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the Linux kernel, a memory leak in xen_init_lock_cpu() can occur when bind_ipi_to_irqhandler() fails.

Vulnerability

Details

The vulnerability is a memory leak in the xen_init_lock_cpu() function in the Linux kernel's x86/xen subsystem. The function uses kasprintf() to allocate a string for the name. If the subsequent call to bind_ipi_to_irqhandler() fails, the allocated string is not freed, resulting in a memory leak.

Exploitation

To exploit this, an attacker must be able to trigger a failure in bind_ipi_to_irqhandler() during CPU initialization in a Xen environment. This may require specific system conditions or a crafted configuration. No special privileges are explicitly required, but the attack vector is likely local.

Impact

The memory leak can gradually exhaust kernel memory, potentially leading to system instability or denial of service. There is no indication of code execution or privilege escalation.

Mitigation

The fix involves freeing the allocated string in the error path. Patches have been applied to stable kernel branches [1][2][3]. Users should update to patched kernels.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!
  3. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

9
9278bdbb5666
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
07764d00c869
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
53ff99c76be6
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
29198f667f44
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
70e7f308d7a8
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
70966d6b0f59
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
798fc3cf98ca
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
b44457b83a03
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
ca84ce153d88
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

9

News mentions

0

No linked articles in our index yet.