admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2022/49xxx/CVE-2022-49276.json
CVE Team 0cf4d2e01e
"-Synchronized-Data."
2025-02-26 02:06:32 +00:00

179 lines
12 KiB
JSON
Raw Blame History

{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-49276",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: fix memory leak in jffs2_scan_medium\n\nIf an error is returned in jffs2_scan_eraseblock() and some memory\nhas been added to the jffs2_summary *s, we can observe the following\nkmemleak report:\n\n--------------------------------------------\nunreferenced object 0xffff88812b889c40 (size 64):\n comm \"mount\", pid 692, jiffies 4294838325 (age 34.288s)\n hex dump (first 32 bytes):\n 40 48 b5 14 81 88 ff ff 01 e0 31 00 00 00 50 00 @H........1...P.\n 00 00 01 00 00 00 01 00 00 00 02 00 00 00 09 08 ................\n backtrace:\n [<ffffffffae93a3a3>] __kmalloc+0x613/0x910\n [<ffffffffaf423b9c>] jffs2_sum_add_dirent_mem+0x5c/0xa0\n [<ffffffffb0f3afa8>] jffs2_scan_medium.cold+0x36e5/0x4794\n [<ffffffffb0f3dbe1>] jffs2_do_mount_fs.cold+0xa7/0x2267\n [<ffffffffaf40acf3>] jffs2_do_fill_super+0x383/0xc30\n [<ffffffffaf40c00a>] jffs2_fill_super+0x2ea/0x4c0\n [<ffffffffb0315d64>] mtd_get_sb+0x254/0x400\n [<ffffffffb0315f5f>] mtd_get_sb_by_nr+0x4f/0xd0\n [<ffffffffb0316478>] get_tree_mtd+0x498/0x840\n [<ffffffffaf40bd15>] jffs2_get_tree+0x25/0x30\n [<ffffffffae9f358d>] vfs_get_tree+0x8d/0x2e0\n [<ffffffffaea7a98f>] path_mount+0x50f/0x1e50\n [<ffffffffaea7c3d7>] do_mount+0x107/0x130\n [<ffffffffaea7c5c5>] __se_sys_mount+0x1c5/0x2f0\n [<ffffffffaea7c917>] __x64_sys_mount+0xc7/0x160\n [<ffffffffb10142f5>] do_syscall_64+0x45/0x70\nunreferenced object 0xffff888114b54840 (size 32):\n comm \"mount\", pid 692, jiffies 4294838325 (age 34.288s)\n hex dump (first 32 bytes):\n c0 75 b5 14 81 88 ff ff 02 e0 02 00 00 00 02 00 .u..............\n 00 00 84 00 00 00 44 00 00 00 6b 6b 6b 6b 6b a5 ......D...kkkkk.\n backtrace:\n [<ffffffffae93be24>] kmem_cache_alloc_trace+0x584/0x880\n [<ffffffffaf423b04>] jffs2_sum_add_inode_mem+0x54/0x90\n [<ffffffffb0f3bd44>] jffs2_scan_medium.cold+0x4481/0x4794\n [...]\nunreferenced object 0xffff888114b57280 (size 32):\n comm \"mount\", pid 692, jiffies 4294838393 (age 34.357s)\n hex dump (first 32 bytes):\n 10 d5 6c 11 81 88 ff ff 08 e0 05 00 00 00 01 00 ..l.............\n 00 00 38 02 00 00 28 00 00 00 6b 6b 6b 6b 6b a5 ..8...(...kkkkk.\n backtrace:\n [<ffffffffae93be24>] kmem_cache_alloc_trace+0x584/0x880\n [<ffffffffaf423c34>] jffs2_sum_add_xattr_mem+0x54/0x90\n [<ffffffffb0f3a24f>] jffs2_scan_medium.cold+0x298c/0x4794\n [...]\nunreferenced object 0xffff8881116cd510 (size 16):\n comm \"mount\", pid 692, jiffies 4294838395 (age 34.355s)\n hex dump (first 16 bytes):\n 00 00 00 00 00 00 00 00 09 e0 60 02 00 00 6b a5 ..........`...k.\n backtrace:\n [<ffffffffae93be24>] kmem_cache_alloc_trace+0x584/0x880\n [<ffffffffaf423cc4>] jffs2_sum_add_xref_mem+0x54/0x90\n [<ffffffffb0f3b2e3>] jffs2_scan_medium.cold+0x3a20/0x4794\n [...]\n--------------------------------------------\n\nTherefore, we should call jffs2_sum_reset_collected(s) on exit to\nrelease the memory added in s. In addition, a new tag \"out_buf\" is\nadded to prevent the NULL pointer reference caused by s being NULL.\n(thanks to Zhang Yi for this analysis)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "e631ddba588783edd521c5a89f7b2902772fb691",
"version_value": "9b0c69182f09b70779817af4dcf89780955d5c4c"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.15",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.15",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.9.311",
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.14.276",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.238",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.189",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.110",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.33",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.16.19",
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.17.2",
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.18",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/9b0c69182f09b70779817af4dcf89780955d5c4c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9b0c69182f09b70779817af4dcf89780955d5c4c"
},
{
"url": "https://git.kernel.org/stable/c/b36bccb04e14cc0c1e2d0e92d477fe220314fad6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b36bccb04e14cc0c1e2d0e92d477fe220314fad6"
},
{
"url": "https://git.kernel.org/stable/c/e711913463af916d777a4873068f415f1fe2ad33",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e711913463af916d777a4873068f415f1fe2ad33"
},
{
"url": "https://git.kernel.org/stable/c/455f4a23490bfcbedc8e5c245c463a59b19e5ddd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/455f4a23490bfcbedc8e5c245c463a59b19e5ddd"
},
{
"url": "https://git.kernel.org/stable/c/51dbb5e36d59f62e34d462b801c1068248149cfe",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/51dbb5e36d59f62e34d462b801c1068248149cfe"
},
{
"url": "https://git.kernel.org/stable/c/52ba0ab4f0a606f02a6163493378989faa1ec10a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/52ba0ab4f0a606f02a6163493378989faa1ec10a"
},
{
"url": "https://git.kernel.org/stable/c/b26bbc0c122cad038831f226a4cb4de702225e16",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b26bbc0c122cad038831f226a4cb4de702225e16"
},
{
"url": "https://git.kernel.org/stable/c/82462324bf35b6b553400af1c1aa265069cee28f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/82462324bf35b6b553400af1c1aa265069cee28f"
},
{
"url": "https://git.kernel.org/stable/c/9cdd3128874f5fe759e2c4e1360ab7fb96a8d1df",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9cdd3128874f5fe759e2c4e1360ab7fb96a8d1df"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
}
Reference in New Issue View Git Blame Copy Permalink