VYPR
Unrated severity · NVD Advisory · Published Dec 24, 2025 · Updated Apr 15, 2026

CVE-2022-50765

Description

In the Linux kernel, the following vulnerability has been resolved:

RISC-V: kexec: Fix memory leak of elf header buffer

This is reported by kmemleak detector:

unreferenced object 0xff2000000403d000 (size 4096):
  comm "kexec", pid 146, jiffies 4294900633 (age 64.792s)
  hex dump (first 32 bytes):
    7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00  .ELF............
    04 00 f3 00 01 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000566ca97c>] kmemleak_vmalloc+0x3c/0xbe
    [<00000000979283d8>] __vmalloc_node_range+0x3ac/0x560
    [<00000000b4b3712a>] __vmalloc_node+0x56/0x62
    [<00000000854f75e2>] vzalloc+0x2c/0x34
    [<00000000e9a00db9>] crash_prepare_elf64_headers+0x80/0x30c
    [<0000000067e8bf48>] elf_kexec_load+0x3e8/0x4ec
    [<0000000036548e09>] kexec_image_load_default+0x40/0x4c
    [<0000000079fbe1b4>] sys_kexec_file_load+0x1c4/0x322
    [<0000000040c62c03>] ret_from_syscall+0x0/0x2

In elf_kexec_load(), a buffer is allocated via vzalloc() to store elf headers. However, it is not freed back to the system when the kdump kernel is reloaded or unloaded, or when image->elf_header is successfully set and then loading the kdump kernel fails for some reason. Fix it by freeing the buffer in arch_kimage_file_post_load_cleanup().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory leak in the Linux kernel's RISC-V kexec implementation where the ELF header buffer is not freed when the kdump kernel is reloaded, unloaded, or fails to load.

Vulnerability

In the Linux kernel's RISC-V architecture, the elf_kexec_load() function allocates a buffer via vzalloc() to store ELF headers for kexec/kdump operations. This buffer is not freed when the kdump kernel is reloaded or unloaded, or when the image's elf_header is successfully set but the kdump kernel subsequently fails to load. This leads to a memory leak, as reported by the kmemleak detector [1].

Exploitation

The leak is triggered during normal kexec operations: a user performs a kexec file load (via the sys_kexec_file_load syscall) and then reloads, unloads, or hits a load failure after the ELF headers have already been set. No privileges beyond those required to perform kexec are needed, but an attacker must be able to trigger these operations on a RISC-V system.

Impact

An attacker who can repeatedly trigger kexec operations can exhaust kernel memory by leaking 4 KB (the size of the ELF header buffer) per operation. This could lead to denial of service (system instability or crash) due to memory exhaustion. The leak is limited to the RISC-V architecture and affects systems using kexec/kdump.

Mitigation

The fix is included in Linux kernel stable commit 090bfcfc9f14, which frees the buffer in arch_kimage_file_post_load_cleanup(). Users should apply the patch or update to a kernel version containing this fix. No workaround is available other than avoiding repeated kexec operations on unpatched systems.
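To make the ownership problem concrete, the following added example (not kernel code, and not the patch itself) models the lifecycle described in the Vulnerability and Mitigation sections in user space. A struct kimage holds the ELF header buffer, elf_kexec_load() fills it, and the arch post-load cleanup hook either ignores the buffer (pre-fix) or releases it (the pattern the fix applies). The vzalloc()/vfree() stand-ins, the counter they maintain, the simplified struct layout and simulate_reload_cycles() are assumptions made for this example so the leak can be counted across reload, unload and failed-load rounds.

```c
/* Added example modelling CVE-2022-50765 in user space; the names below
 * mirror the kernel functions in the kmemleak backtrace but the bodies are
 * simplified stand-ins, not the kernel's definitions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ELF_HDR_BUF_SZ 4096          /* same size as the object kmemleak reported */

static int live_vmalloc_objects;     /* stand-in for what kmemleak tracks */

/* Stand-ins for vzalloc()/vfree(): plain heap allocation plus a live counter. */
static void *vzalloc(size_t sz) {
    void *p = calloc(1, sz);
    if (p) live_vmalloc_objects++;
    return p;
}
static void vfree(void *p) {
    if (p) { live_vmalloc_objects--; free(p); }
}

/* Only the struct kimage fields relevant to this bug (assumed layout). */
struct kimage {
    void *elf_headers;
    unsigned long elf_headers_sz;
};

/* Model of crash_prepare_elf64_headers(): allocates and fills the ELF header buffer. */
static int crash_prepare_elf64_headers(void **addr, unsigned long *sz) {
    unsigned char *buf = vzalloc(ELF_HDR_BUF_SZ);
    if (!buf) return -1;                    /* -ENOMEM */
    memcpy(buf, "\x7f" "ELF", 4);           /* the magic seen in the hex dump */
    *addr = buf;
    *sz = ELF_HDR_BUF_SZ;
    return 0;
}

/* Model of elf_kexec_load(): the buffer's ownership passes to the image.
 * fail_after_headers models a later load step failing once elf_headers is set. */
static int elf_kexec_load(struct kimage *image, int fail_after_headers) {
    int ret = crash_prepare_elf64_headers(&image->elf_headers, &image->elf_headers_sz);
    if (ret) return ret;
    if (fail_after_headers) return -1;      /* e.g. a subsequent segment fails to load */
    return 0;
}

/* Pre-fix arch hook: never touches elf_headers, so every load leaks one buffer. */
static int leaky_post_load_cleanup(struct kimage *image) { (void)image; return 0; }

/* Fixed pattern: the image owns the buffer, so the hook frees it and clears
 * the fields so a subsequent reload can neither double free nor reuse it. */
static int fixed_post_load_cleanup(struct kimage *image) {
    vfree(image->elf_headers);
    image->elf_headers = NULL;
    image->elf_headers_sz = 0;
    return 0;
}

/* Model of kimage_free() reaching arch_kimage_file_post_load_cleanup(). */
static void kimage_free(struct kimage *image, int (*arch_cleanup)(struct kimage *)) {
    arch_cleanup(image);
}

/* Runs `cycles` load+unload rounds plus one "headers set, then load fails"
 * round and returns how many ELF header buffers are still outstanding. */
int simulate_reload_cycles(int fixed, int cycles) {
    int (*cleanup)(struct kimage *) = fixed ? fixed_post_load_cleanup : leaky_post_load_cleanup;
    live_vmalloc_objects = 0;
    for (int i = 0; i < cycles; i++) {
        struct kimage image = {0};
        if (elf_kexec_load(&image, 0) != 0) return -1;
        kimage_free(&image, cleanup);       /* unload or reload of the kdump kernel */
    }
    struct kimage failed = {0};
    (void)elf_kexec_load(&failed, 1);       /* headers set, later step fails */
    kimage_free(&failed, cleanup);          /* the error path runs the same hook */
    return live_vmalloc_objects;
}

int main(void) {
    printf("unpatched: %d buffer(s) leaked after 3 reloads and 1 failed load\n",
           simulate_reload_cycles(0, 3));
    printf("patched:   %d buffer(s) leaked\n", simulate_reload_cycles(1, 3));
    return 0;
}
```

The counter stands in for kmemleak: with the leaky hook each round leaves one 4096-byte object unreferenced, which is exactly the report's signature, while the fixed hook brings the count back to zero regardless of whether the load succeeded or failed after the headers were prepared.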

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 3

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 3

News mentions: 0

No linked articles in our index yet.