{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-49276", "ASSIGNER": "cve@kernel.org", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: fix memory leak in jffs2_scan_medium\n\nIf an error is returned in jffs2_scan_eraseblock() and some memory\nhas been added to the jffs2_summary *s, we can observe the following\nkmemleak report:\n\n--------------------------------------------\nunreferenced object 0xffff88812b889c40 (size 64):\n comm \"mount\", pid 692, jiffies 4294838325 (age 34.288s)\n hex dump (first 32 bytes):\n 40 48 b5 14 81 88 ff ff 01 e0 31 00 00 00 50 00 @H........1...P.\n 00 00 01 00 00 00 01 00 00 00 02 00 00 00 09 08 ................\n backtrace:\n [] __kmalloc+0x613/0x910\n [] jffs2_sum_add_dirent_mem+0x5c/0xa0\n [] jffs2_scan_medium.cold+0x36e5/0x4794\n [] jffs2_do_mount_fs.cold+0xa7/0x2267\n [] jffs2_do_fill_super+0x383/0xc30\n [] jffs2_fill_super+0x2ea/0x4c0\n [] mtd_get_sb+0x254/0x400\n [] mtd_get_sb_by_nr+0x4f/0xd0\n [] get_tree_mtd+0x498/0x840\n [] jffs2_get_tree+0x25/0x30\n [] vfs_get_tree+0x8d/0x2e0\n [] path_mount+0x50f/0x1e50\n [] do_mount+0x107/0x130\n [] __se_sys_mount+0x1c5/0x2f0\n [] __x64_sys_mount+0xc7/0x160\n [] do_syscall_64+0x45/0x70\nunreferenced object 0xffff888114b54840 (size 32):\n comm \"mount\", pid 692, jiffies 4294838325 (age 34.288s)\n hex dump (first 32 bytes):\n c0 75 b5 14 81 88 ff ff 02 e0 02 00 00 00 02 00 .u..............\n 00 00 84 00 00 00 44 00 00 00 6b 6b 6b 6b 6b a5 ......D...kkkkk.\n backtrace:\n [] kmem_cache_alloc_trace+0x584/0x880\n [] jffs2_sum_add_inode_mem+0x54/0x90\n [] jffs2_scan_medium.cold+0x4481/0x4794\n [...]\nunreferenced object 0xffff888114b57280 (size 32):\n comm \"mount\", pid 692, jiffies 4294838393 (age 34.357s)\n hex dump (first 32 bytes):\n 10 d5 6c 11 81 88 ff ff 08 e0 05 00 00 00 01 00 ..l.............\n 00 00 38 02 00 00 28 00 00 00 6b 6b 6b 6b 6b a5 ..8...(...kkkkk.\n backtrace:\n [] kmem_cache_alloc_trace+0x584/0x880\n [] jffs2_sum_add_xattr_mem+0x54/0x90\n [] jffs2_scan_medium.cold+0x298c/0x4794\n [...]\nunreferenced object 0xffff8881116cd510 (size 16):\n comm \"mount\", pid 692, jiffies 4294838395 (age 34.355s)\n hex dump (first 16 bytes):\n 00 00 00 00 00 00 00 00 09 e0 60 02 00 00 6b a5 ..........`...k.\n backtrace:\n [] kmem_cache_alloc_trace+0x584/0x880\n [] jffs2_sum_add_xref_mem+0x54/0x90\n [] jffs2_scan_medium.cold+0x3a20/0x4794\n [...]\n--------------------------------------------\n\nTherefore, we should call jffs2_sum_reset_collected(s) on exit to\nrelease the memory added in s. In addition, a new tag \"out_buf\" is\nadded to prevent the NULL pointer reference caused by s being NULL.\n(thanks to Zhang Yi for this analysis)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Linux", "product": { "product_data": [ { "product_name": "Linux", "version": { "version_data": [ { "version_affected": "<", "version_name": "e631ddba588783edd521c5a89f7b2902772fb691", "version_value": "9b0c69182f09b70779817af4dcf89780955d5c4c" }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "versions": [ { "version": "2.6.15", "status": "affected" }, { "version": "0", "lessThan": "2.6.15", "status": "unaffected", "versionType": "semver" }, { "version": "4.9.311", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver" }, { "version": "4.14.276", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver" }, { "version": "4.19.238", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.4.189", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.10.110", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.15.33", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.16.19", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.17.2", "lessThanOrEqual": "5.17.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ], "defaultStatus": "affected" } } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://git.kernel.org/stable/c/9b0c69182f09b70779817af4dcf89780955d5c4c", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/9b0c69182f09b70779817af4dcf89780955d5c4c" }, { "url": "https://git.kernel.org/stable/c/b36bccb04e14cc0c1e2d0e92d477fe220314fad6", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/b36bccb04e14cc0c1e2d0e92d477fe220314fad6" }, { "url": "https://git.kernel.org/stable/c/e711913463af916d777a4873068f415f1fe2ad33", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/e711913463af916d777a4873068f415f1fe2ad33" }, { "url": "https://git.kernel.org/stable/c/455f4a23490bfcbedc8e5c245c463a59b19e5ddd", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/455f4a23490bfcbedc8e5c245c463a59b19e5ddd" }, { "url": "https://git.kernel.org/stable/c/51dbb5e36d59f62e34d462b801c1068248149cfe", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/51dbb5e36d59f62e34d462b801c1068248149cfe" }, { "url": "https://git.kernel.org/stable/c/52ba0ab4f0a606f02a6163493378989faa1ec10a", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/52ba0ab4f0a606f02a6163493378989faa1ec10a" }, { "url": "https://git.kernel.org/stable/c/b26bbc0c122cad038831f226a4cb4de702225e16", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/b26bbc0c122cad038831f226a4cb4de702225e16" }, { "url": "https://git.kernel.org/stable/c/82462324bf35b6b553400af1c1aa265069cee28f", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/82462324bf35b6b553400af1c1aa265069cee28f" }, { "url": "https://git.kernel.org/stable/c/9cdd3128874f5fe759e2c4e1360ab7fb96a8d1df", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/9cdd3128874f5fe759e2c4e1360ab7fb96a8d1df" } ] }, "generator": { "engine": "bippy-5f407fcff5a0" } }