CVE-2022-50376 – This CVE describes a memory leak vulnerability ... (How to Fix)

Q: What is the severity of CVE-2022-50376?

CVE-2022-50376 has a CVSS score of 5.5 (MEDIUM). This CVE describes a memory leak vulnerability in the Linux kernel's orangefs module. When inserting or removing the orangefs module, dynamically allocated memory isn't properly freed, causing kernel memory leaks. This affects systems using the orangefs filesystem module.

📋 TL;DR

This CVE describes a memory leak vulnerability in the Linux kernel's orangefs module. When inserting or removing the orangefs module, dynamically allocated memory isn't properly freed, causing kernel memory leaks. This affects systems using the orangefs filesystem module.

💻 Affected Systems

Products:

Linux kernel with orangefs module

Versions: Linux kernel versions with vulnerable orangefs code (specific versions not specified in CVE)

Operating Systems: Linux distributions with vulnerable kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable if orangefs module is loaded/used. Many systems don't use orangefs by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sustained memory exhaustion leading to kernel instability, system crashes, or denial of service through resource depletion.

🟠

Likely Case

Gradual memory consumption over time when orangefs module is loaded/unloaded repeatedly, potentially causing performance degradation.

🟢

If Mitigated

Minimal impact as memory leaks are slow and require repeated module operations to accumulate significant memory loss.

🌐 Internet-Facing: LOW - Requires local access to load/unload kernel modules, which typically requires root privileges.

🏢 Internal Only: MEDIUM - Local users with root privileges could potentially exploit this to degrade system performance over time.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires root privileges to load/unload kernel modules. Memory leak is slow and requires repeated operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits 0cd303aad220fafa595e0ed593e99aa51b90412b or other listed fixes

Vendor Advisory: https://git.kernel.org/stable/c/0cd303aad220fafa595e0ed593e99aa51b90412b

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version. 2. Reboot system. 3. Verify orangefs module loads without memory leaks.

🔧 Temporary Workarounds

Disable orangefs module

all

Prevent loading of vulnerable orangefs module

echo 'blacklist orangefs' >> /etc/modprobe.d/blacklist.conf
rmmod orangefs

🧯 If You Can't Patch

Avoid loading/unloading orangefs module
Monitor system memory usage for unusual patterns

🔍 How to Verify

Check if Vulnerable:

Check if orangefs module is loaded: lsmod | grep orangefs. If loaded and kernel version is unpatched, system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Check kernel version includes fix commits or test memory usage after module operations with tools like kmemleak.

📡 Detection & Monitoring

Log Indicators:

Kernel logs showing memory allocation failures
System logs showing high memory usage

Network Indicators:

None - local vulnerability only

SIEM Query:

Search for kernel panic logs or memory allocation failure messages in system logs

📊 Metadata

CVE ID: CVE-2022-50376

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-401

EPSS Score: 0.01% exploit probability (1.3th percentile)

Published: September 18, 2025

Last Updated: January 14, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-50376, you might also want to check these: