ByteOS Network

CVE Vulnerability Details :

CVE-2022-49276

PUBLISHED

More Info Official Page

Assigner-Linux

Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67

Published At-26 Feb, 2025 | 01:56

Updated At-04 May, 2025 | 08:33

▼CVE Numbering Authority (CNA)

jffs2: fix memory leak in jffs2_scan_medium

In the Linux kernel, the following vulnerability has been resolved: jffs2: fix memory leak in jffs2_scan_medium If an error is returned in jffs2_scan_eraseblock() and some memory has been added to the jffs2_summary *s, we can observe the following kmemleak report: -------------------------------------------- unreferenced object 0xffff88812b889c40 (size 64): comm "mount", pid 692, jiffies 4294838325 (age 34.288s) hex dump (first 32 bytes): 40 48 b5 14 81 88 ff ff 01 e0 31 00 00 00 50 00 @H........1...P. 00 00 01 00 00 00 01 00 00 00 02 00 00 00 09 08 ................ backtrace: [<ffffffffae93a3a3>] __kmalloc+0x613/0x910 [<ffffffffaf423b9c>] jffs2_sum_add_dirent_mem+0x5c/0xa0 [<ffffffffb0f3afa8>] jffs2_scan_medium.cold+0x36e5/0x4794 [<ffffffffb0f3dbe1>] jffs2_do_mount_fs.cold+0xa7/0x2267 [<ffffffffaf40acf3>] jffs2_do_fill_super+0x383/0xc30 [<ffffffffaf40c00a>] jffs2_fill_super+0x2ea/0x4c0 [<ffffffffb0315d64>] mtd_get_sb+0x254/0x400 [<ffffffffb0315f5f>] mtd_get_sb_by_nr+0x4f/0xd0 [<ffffffffb0316478>] get_tree_mtd+0x498/0x840 [<ffffffffaf40bd15>] jffs2_get_tree+0x25/0x30 [<ffffffffae9f358d>] vfs_get_tree+0x8d/0x2e0 [<ffffffffaea7a98f>] path_mount+0x50f/0x1e50 [<ffffffffaea7c3d7>] do_mount+0x107/0x130 [<ffffffffaea7c5c5>] __se_sys_mount+0x1c5/0x2f0 [<ffffffffaea7c917>] __x64_sys_mount+0xc7/0x160 [<ffffffffb10142f5>] do_syscall_64+0x45/0x70 unreferenced object 0xffff888114b54840 (size 32): comm "mount", pid 692, jiffies 4294838325 (age 34.288s) hex dump (first 32 bytes): c0 75 b5 14 81 88 ff ff 02 e0 02 00 00 00 02 00 .u.............. 00 00 84 00 00 00 44 00 00 00 6b 6b 6b 6b 6b a5 ......D...kkkkk. backtrace: [<ffffffffae93be24>] kmem_cache_alloc_trace+0x584/0x880 [<ffffffffaf423b04>] jffs2_sum_add_inode_mem+0x54/0x90 [<ffffffffb0f3bd44>] jffs2_scan_medium.cold+0x4481/0x4794 [...] unreferenced object 0xffff888114b57280 (size 32): comm "mount", pid 692, jiffies 4294838393 (age 34.357s) hex dump (first 32 bytes): 10 d5 6c 11 81 88 ff ff 08 e0 05 00 00 00 01 00 ..l............. 00 00 38 02 00 00 28 00 00 00 6b 6b 6b 6b 6b a5 ..8...(...kkkkk. backtrace: [<ffffffffae93be24>] kmem_cache_alloc_trace+0x584/0x880 [<ffffffffaf423c34>] jffs2_sum_add_xattr_mem+0x54/0x90 [<ffffffffb0f3a24f>] jffs2_scan_medium.cold+0x298c/0x4794 [...] unreferenced object 0xffff8881116cd510 (size 16): comm "mount", pid 692, jiffies 4294838395 (age 34.355s) hex dump (first 16 bytes): 00 00 00 00 00 00 00 00 09 e0 60 02 00 00 6b a5 ..........`...k. backtrace: [<ffffffffae93be24>] kmem_cache_alloc_trace+0x584/0x880 [<ffffffffaf423cc4>] jffs2_sum_add_xref_mem+0x54/0x90 [<ffffffffb0f3b2e3>] jffs2_scan_medium.cold+0x3a20/0x4794 [...] -------------------------------------------- Therefore, we should call jffs2_sum_reset_collected(s) on exit to release the memory added in s. In addition, a new tag "out_buf" is added to prevent the NULL pointer reference caused by s being NULL. (thanks to Zhang Yi for this analysis)

Affected Products

Vendor

Linux Kernel Organization, Inc

Product

Linux

Repo

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Program Files

fs/jffs2/scan.c

Default Status

unaffected

Versions

Affected

From e631ddba588783edd521c5a89f7b2902772fb691 before 9b0c69182f09b70779817af4dcf89780955d5c4c (git)
From e631ddba588783edd521c5a89f7b2902772fb691 before b36bccb04e14cc0c1e2d0e92d477fe220314fad6 (git)
From e631ddba588783edd521c5a89f7b2902772fb691 before e711913463af916d777a4873068f415f1fe2ad33 (git)
From e631ddba588783edd521c5a89f7b2902772fb691 before 455f4a23490bfcbedc8e5c245c463a59b19e5ddd (git)
From e631ddba588783edd521c5a89f7b2902772fb691 before 51dbb5e36d59f62e34d462b801c1068248149cfe (git)
From e631ddba588783edd521c5a89f7b2902772fb691 before 52ba0ab4f0a606f02a6163493378989faa1ec10a (git)
From e631ddba588783edd521c5a89f7b2902772fb691 before b26bbc0c122cad038831f226a4cb4de702225e16 (git)
From e631ddba588783edd521c5a89f7b2902772fb691 before 82462324bf35b6b553400af1c1aa265069cee28f (git)
From e631ddba588783edd521c5a89f7b2902772fb691 before 9cdd3128874f5fe759e2c4e1360ab7fb96a8d1df (git)

Vendor

Linux Kernel Organization, Inc

Product

Linux

Repo

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Program Files

fs/jffs2/scan.c

Default Status

affected

Versions

Affected

2.6.15

Unaffected

From 0 before 2.6.15 (semver)
From 4.9.311 through 4.9.* (semver)
From 4.14.276 through 4.14.* (semver)
From 4.19.238 through 4.19.* (semver)
From 5.4.189 through 5.4.* (semver)
From 5.10.110 through 5.10.* (semver)
From 5.15.33 through 5.15.* (semver)
From 5.16.19 through 5.16.* (semver)
From 5.17.2 through 5.17.* (semver)
From 5.18 through * (original_commit_for_fix)

References

Hyperlink	Resource
https://git.kernel.org/stable/c/9b0c69182f09b70779817af4dcf89780955d5c4c	N/A
https://git.kernel.org/stable/c/b36bccb04e14cc0c1e2d0e92d477fe220314fad6	N/A
https://git.kernel.org/stable/c/e711913463af916d777a4873068f415f1fe2ad33	N/A
https://git.kernel.org/stable/c/455f4a23490bfcbedc8e5c245c463a59b19e5ddd	N/A
https://git.kernel.org/stable/c/51dbb5e36d59f62e34d462b801c1068248149cfe	N/A
https://git.kernel.org/stable/c/52ba0ab4f0a606f02a6163493378989faa1ec10a	N/A
https://git.kernel.org/stable/c/b26bbc0c122cad038831f226a4cb4de702225e16	N/A
https://git.kernel.org/stable/c/82462324bf35b6b553400af1c1aa265069cee28f	N/A
https://git.kernel.org/stable/c/9cdd3128874f5fe759e2c4e1360ab7fb96a8d1df	N/A

Affected Products

Affected

Affected

Unaffected

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References