{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T19:01:35.631","vulnerabilities":[{"cve":{"id":"CVE-2022-50743","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-12-24T13:16:01.020","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: Fix pcluster memleak when its block address is zero\n\nsyzkaller reported a memleak:\nhttps://syzkaller.appspot.com/bug?id=62f37ff612f0021641eda5b17f056f1668aa9aed\n\nunreferenced object 0xffff88811009c7f8 (size 136):\n  ...\n  backtrace:\n    [<ffffffff821db19b>] z_erofs_do_read_page+0x99b/0x1740\n    [<ffffffff821dee9e>] z_erofs_readahead+0x24e/0x580\n    [<ffffffff814bc0d6>] read_pages+0x86/0x3d0\n    ...\n\nsyzkaller constructed a case: in z_erofs_register_pcluster(),\nztailpacking = false and map->m_pa = zero. This makes pcl->obj.index be\nzero although pcl is not a inline pcluster.\n\nThen following path adds refcount for grp, but the refcount won't be put\nbecause pcl is inline.\n\nz_erofs_readahead()\n  z_erofs_do_read_page() # for another page\n    z_erofs_collector_begin()\n      erofs_find_workgroup()\n        erofs_workgroup_get()\n\nSince it's illegal for the block address of a non-inlined pcluster to\nbe zero, add check here to avoid registering the pcluster which would\nbe leaked."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/618e712b99c78d1004b70a1a9ab0a4830d0b2673","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ac54c1f7b288d83b6ba1e320efff24ecc21309cd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c42c0ffe81176940bd5dead474216b7198d77675","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}}]}