CVE-2022-50743
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, the following vulnerability has been resolved:

erofs: Fix pcluster memleak when its block address is zero

syzkaller reported a memleak: https://syzkaller.appspot.com/bug?id=62f37ff612f0021641eda5b17f056f1668aa9aed

unreferenced object 0xffff88811009c7f8 (size 136): ... backtrace: [] z_erofs_do_read_page+0x99b/0x1740 [] z_erofs_readahead+0x24e/0x580 [] read_pages+0x86/0x3d0 ...

syzkaller constructed a case: in z_erofs_register_pcluster(), ztailpacking = false and map->m_pa = zero. This makes pcl->obj.index be zero although pcl is not a inline pcluster.

Then following path adds refcount for grp, but the refcount won't be put because pcl is inline.

z_erofs_readahead() z_erofs_do_read_page() # for another page z_erofs_collector_begin() erofs_find_workgroup() erofs_workgroup_get()

Since it's illegal for the block address of a non-inlined pcluster to be zero, add check here to avoid registering the pcluster which would be leaked.


SourceNVD

Related Linux Kernel vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-71142N/AN/A
  • Linux KernelLinux Kernel
  • kernel-64k-debug-devel-matched
NoNoJan 14, 2026
CVE-2025-71137N/AN/A
  • Linux KernelLinux Kernel
  • linux-gcp
NoYesJan 14, 2026
CVE-2025-71135N/AN/A
  • Linux KernelLinux Kernel
  • kernel-debug-core
NoNoJan 14, 2026
CVE-2025-71134N/AN/A
  • Linux KernelLinux Kernel
  • kernel-uki-virt
NoNoJan 14, 2026
CVE-2025-71133N/AN/A
  • Linux KernelLinux Kernel
  • kernel-modules-extra
NoYesJan 14, 2026

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management