[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2022-50661":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":17,"related":18,"reserved_at":9,"published_at":19,"modified_at":20,"state":9,"summary":21,"references_raw":23,"kevs":30,"epss":9,"epss_history":31,"metrics":32,"affected":33},"DEBIAN-CVE-2022-50661","In the Linux kernel, the following vulnerability has been resolved:  seccomp: Move copy_seccomp() to no failure path.  Our syzbot instance reported memory leaks in do_seccomp() [0], similar to the report [1].  It shows that we miss freeing struct seccomp_filter and some objects included in it.  We can reproduce the issue with the program below [2] which calls one seccomp() and two clone() syscalls.  The first clone()d child exits earlier than its parent and sends a signal to kill it during the second clone(), more precisely before the fatal_signal_pending() test in copy_process().  When the parent receives the signal, it has to destroy the embryonic process and return -EINTR to user space.  In the failure path, we have to call seccomp_filter_release() to decrement the filter's refcount.  Initially, we called it in free_task() called from the failure path, but the commit 3a15fb6ed92c (\"seccomp: release filter after task is fully dead\") moved it to release_task() to notify user space as early as possible that the filter is no longer used.  To keep the change and current seccomp refcount semantics, let's move copy_seccomp() just after the signal check and add a WARN_ON_ONCE() in free_task() for future debugging.  [0]: unreferenced object 0xffff8880063add00 (size 256):   comm \"repro_seccomp\", pid 230, jiffies 4294687090 (age 9.914s)   hex dump (first 32 bytes):     01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00  ................     ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................   backtrace:     do_seccomp (./include/linux/slab.h:600 ./include/linux/slab.h:733 kernel/seccomp.c:666 kernel/seccomp.c:708 kernel/seccomp.c:1871 kernel/seccomp.c:1991)     do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)     entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120) unreferenced object 0xffffc90000035000 (size 4096):   comm \"repro_seccomp\", pid 230, jiffies 4294687090 (age 9.915s)   hex dump (first 32 bytes):     01 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00  ................     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................   backtrace:     __vmalloc_node_range (mm/vmalloc.c:3226)     __vmalloc_node (mm/vmalloc.c:3261 (discriminator 4))     bpf_prog_alloc_no_stats (kernel/bpf/core.c:91)     bpf_prog_alloc (kernel/bpf/core.c:129)     bpf_prog_create_from_user (net/core/filter.c:1414)     do_seccomp (kernel/seccomp.c:671 kernel/seccomp.c:708 kernel/seccomp.c:1871 kernel/seccomp.c:1991)     do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)     entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120) unreferenced object 0xffff888003fa1000 (size 1024):   comm \"repro_seccomp\", pid 230, jiffies 4294687090 (age 9.915s)   hex dump (first 32 bytes):     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................   backtrace:     bpf_prog_alloc_no_stats (./include/linux/slab.h:600 ./include/linux/slab.h:733 kernel/bpf/core.c:95)     bpf_prog_alloc (kernel/bpf/core.c:129)     bpf_prog_create_from_user (net/core/filter.c:1414)     do_seccomp (kernel/seccomp.c:671 kernel/seccomp.c:708 kernel/seccomp.c:1871 kernel/seccomp.c:1991)     do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)     entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120) unreferenced object 0xffff888006360240 (size 16):   comm \"repro_seccomp\", pid 230, jiffies 4294687090 (age 9.915s)   hex dump (first 16 bytes):     01 00 37 00 76 65 72 6c e0 83 01 06 80 88 ff ff  ..7.verl........   backtrace:     bpf_prog_store_orig_filter (net/core/filter.c:1137)     bpf_prog_create_from_user (net/core/filter.c:1428)     do_seccomp (kernel/seccomp.c:671 kernel/seccomp.c:708 kernel/seccomp.c:1871 kernel/seccomp.c:1991)     do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)     entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120) unreferenced object 0xffff888 ---truncated---",null,[],[],[],[14],{"_key":15},"CVE-2022-50661",[],[],[],"2025-12-09T16:17:17.757Z","2026-04-28T20:25:40.644278Z",{"cisa_kev":22,"cisa_ransomware":22,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[24],{"url":25,"sources":26,"tags":28},"https://security-tracker.debian.org/tracker/CVE-2022-50661",[27],"osv_debian",[29],"Advisory",[],[],[],[34],{"ecosystem":35,"name":36,"vendor":37,"product":36,"cpe_part":9,"purl_type":38,"purl_namespace":37,"purl_name":36,"source":9,"versions":39},"Debian","linux","debian","deb",[40,46,49,50],{"version":41,"is_range":42,"range_type":43,"version_start":9,"version_start_type":9,"version_end":44,"version_end_type":45,"fixed_in":9},"lt5_10_191_1",true,"ecosystem","5.10.191-1","excluding",{"version":47,"is_range":42,"range_type":43,"version_start":9,"version_start_type":9,"version_end":48,"version_end_type":45,"fixed_in":9},"lt6_1_4_1","6.1.4-1",{"version":47,"is_range":42,"range_type":43,"version_start":9,"version_start_type":9,"version_end":48,"version_end_type":45,"fixed_in":9},{"version":47,"is_range":42,"range_type":43,"version_start":9,"version_start_type":9,"version_end":48,"version_end_type":45,"fixed_in":9}]