CVE-2022-50821
Description
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory leak in the Linux kernel's SUNRPC module occurs when gss_read_proxy_verf() fails, which could be exploited to exhaust system memory.
Vulnerability Description
CVE-2022-50821 describes a memory leak in the SUNRPC component of the Linux kernel. The bug occurs when the function gss_read_proxy_verf() fails, causing a dynamically allocated netobj memory object to not be freed properly [1][2]. This is a typical resource management flaw where an error path neglects to release previously allocated memory.
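The error-path pattern described above, as an added example that is not the kernel's code and not part of the original page: a userspace C model in which a handle buffer is allocated and a later check fails. The message layout and every name (netobj_model, read_verf_leaky, read_verf_fixed, leaked_after) are assumptions made for illustration; an allocation counter makes the leak and its fix measurable.

```c
#include <stdlib.h>
#include <string.h>

/* Userspace model of the bug class; every name is hypothetical, not kernel code. */
struct netobj_model { size_t len; unsigned char *data; };
typedef int (*reader_fn)(const unsigned char *, size_t, struct netobj_model *);
static int live_allocs; /* buffers allocated and not yet freed */
static void *tracked_alloc(size_t n) { void *p = malloc(n ? n : 1); if (p) live_allocs++; return p; }
static void tracked_free(void *p) { if (p) { live_allocs--; free(p); } }
/* Constructed layout: [hlen][handle bytes][tlen][token bytes]. Copies the handle out. */
static int copy_handle(const unsigned char *buf, size_t buflen, struct netobj_model *h)
{
    if (buflen < 1 || (size_t)buf[0] > buflen - 1) return -1;
    h->len = buf[0];
    h->data = tracked_alloc(h->len);
    if (!h->data) return -1;
    memcpy(h->data, buf + 1, h->len);
    return 0;
}
/* Nonzero when the token length byte at off fits in the rest of the buffer. */
static int token_ok(const unsigned char *buf, size_t buflen, size_t off)
{
    return off < buflen && (size_t)buf[off] <= buflen - off - 1;
}
/* Leaky: a failure after the handle was copied returns without freeing it. */
static int read_verf_leaky(const unsigned char *buf, size_t buflen, struct netobj_model *h)
{
    if (copy_handle(buf, buflen, h)) return -1;
    if (!token_ok(buf, buflen, 1 + h->len)) return -1; /* h->data still allocated */
    return 0;
}
/* Fixed: failures after the allocation leave through one cleanup label. */
static int read_verf_fixed(const unsigned char *buf, size_t buflen, struct netobj_model *h)
{
    if (copy_handle(buf, buflen, h)) return -1;
    if (!token_ok(buf, buflen, 1 + h->len)) goto out_free;
    return 0;
out_free:
    tracked_free(h->data);
    h->data = NULL; h->len = 0;
    return -1;
}
/* Replays one malformed message n times; returns how many buffers stay allocated. */
static int leaked_after(reader_fn fn, int n)
{
    static const unsigned char bad[] = { 2, 0xAA, 0xBB, 9, 0x01 }; /* tlen 9, 1 byte left */
    int before = live_allocs;
    for (int i = 0; i < n; i++) { struct netobj_model h = { 0, NULL }; fn(bad, sizeof bad, &h); }
    return live_allocs - before;
}
```

Calling leaked_after() with each reader shows the leaky variant leaving one buffer allocated per failed message, while the fixed variant leaves none.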
Attack Vector and Prerequisites
Exploitation requires an attacker to be able to trigger a failure in gss_read_proxy_verf(). This function is involved in handling GSS-API proxy verifiers during RPC authentication. While the exact trigger conditions are not fully detailed, the vulnerability is present in code paths that process network requests, meaning a remote attacker could potentially cause the leak by sending crafted RPC messages that lead to an error [3]. No authentication is required if the service is exposed.
Impact
Repeatedly triggering this memory leak can exhaust system memory, leading to a denial of service (DoS) condition. The leaked memory is not reclaimed until the kernel is rebooted, making this a viable vector for resource exhaustion attacks against systems running the affected kernel versions.
Mitigation
The fix is included in newer Linux kernel stable releases. Users should update to a patched kernel version that incorporates the commit which properly frees netobj memory on failure [1][2][3]. No workaround is known besides applying the patch.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
References
- git.kernel.org/stable/c/2cd6026e257362f030c8be57abaf7fc0049df60a (nvd)
- git.kernel.org/stable/c/67eb848161c2799f2007968ea3bc87adb15c9567 (nvd)
- git.kernel.org/stable/c/76f2497a2faa6a4e91efb94a7f55705b403273fd (nvd)
- git.kernel.org/stable/c/aa91afe597401b78baa7d751c71eedb92c80bd4d (nvd)
- git.kernel.org/stable/c/c9ded831e2552b9c3cab7e2591a190e94f9d29c0 (nvd)
- git.kernel.org/stable/c/d01fa993eb7fbc305f0a9c3e8bfac6513efc13b6 (nvd)
- git.kernel.org/stable/c/da522b5fe1a5f8b7c20a0023e87b52a150e53bf5 (nvd)