AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2022-50661: In the Linux kernel, the following vulnerability has been resolved: seccomp: Move copy_seccomp() to no failure path. O

infovulnerability

security

Source: NVD/CVE DatabaseDecember 9, 2025CVE-2022-50661

Summary

A memory leak vulnerability exists in the Linux kernel's seccomp (secure computing, a security feature that restricts what system calls a process can make) implementation where seccomp filter objects are not properly freed when a process creation fails after a signal interrupts it. The fix moves the copy_seccomp() function to execute after a signal check and adds a warning in free_task() to ensure filters are properly released during process cleanup.

Solution / Mitigation

Move copy_seccomp() to execute after the signal check in copy_process(), and add a WARN_ON_ONCE() in free_task() for future debugging. This ensures seccomp_filter_release() is called to decrement the filter's refcount in the failure path, preventing memory leaks.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationModerate

Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-50661

First tracked: February 15, 2026 at 08:36 PM

Classified by LLM (prompt v3) · confidence: 95%