CVE-2022-49277

jffs2: fix memory leak in jffs2_do_mount_fs

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MITRE

In the Linux kernel, the following vulnerability has been resolved: jffs2: fix memory leak in jffs2_do_mount_fs If jffs2_build_filesystem() in jffs2_do_mount_fs() returns an error,
we can observe the following kmemleak report: --------------------------------------------
unreferenced object 0xffff88811b25a640 (size 64): comm "mount", pid 691, jiffies 4294957728 (age 71.952s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffffa493be24>] kmem_cache_alloc_trace+0x584/0x880 [<ffffffffa5423a06>] jffs2_sum_init+0x86/0x130 [<ffffffffa5400e58>] jffs2_do_mount_fs+0x798/0xac0 [<ffffffffa540acf3>] jffs2_do_fill_super+0x383/0xc30 [<ffffffffa540c00a>] jffs2_fill_super+0x2ea/0x4c0 [...]
unreferenced object 0xffff88812c760000 (size 65536): comm "mount", pid 691, jiffies 4294957728 (age 71.952s) hex dump (first 32 bytes): bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................ bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................ backtrace: [<ffffffffa493a449>] __kmalloc+0x6b9/0x910 [<ffffffffa5423a57>] jffs2_sum_init+0xd7/0x130 [<ffffffffa5400e58>] jffs2_do_mount_fs+0x798/0xac0 [<ffffffffa540acf3>] jffs2_do_fill_super+0x383/0xc30 [<ffffffffa540c00a>] jffs2_fill_super+0x2ea/0x4c0 [...]
-------------------------------------------- This is because the resources allocated in jffs2_sum_init() are not
released. Call jffs2_sum_exit() to release these resources to solve
the problem.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-02-26 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (10)

URL	Tag	Source
https://git.kernel.org/stable/c/e631ddba588783edd521c5a89f7b2902772fb691	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/2a9d8184458562e6bf2f40d0e677fc85e2dd3834	2022-04-20
https://git.kernel.org/stable/c/9a0f6610c7daedd2eace430beeb08a8b7ac80699	2022-04-20
https://git.kernel.org/stable/c/dbe0d0521eaa6a3d235517319266c539bb5c5112	2022-04-15
https://git.kernel.org/stable/c/0978e9af4559a171ac7a74a1b3ef21804b0a0fa9	2022-04-15
https://git.kernel.org/stable/c/607d3aab7349f18e0d9dba4100d09d16fe27caca	2022-04-08
https://git.kernel.org/stable/c/4392e8aeebc5a4f8073620bccba7de1b1f6d7c88	2022-04-08
https://git.kernel.org/stable/c/5f34310d1376ca5b2ed798258def2c2ab3cc6699	2022-04-08
https://git.kernel.org/stable/c/c94128470e6fe53d9bd9d16d2d3271813f9d37af	2022-04-08
https://git.kernel.org/stable/c/d051cef784de4d54835f6b6836d98a8f6935772c	2022-03-16

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.15 < 4.9.311 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.15 < 4.9.311"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.15 < 4.14.276 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.15 < 4.14.276"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.15 < 4.19.238 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.15 < 4.19.238"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.15 < 5.4.189 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.15 < 5.4.189"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.15 < 5.10.110 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.15 < 5.10.110"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.15 < 5.15.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.15 < 5.15.33"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.15 < 5.16.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.15 < 5.16.19"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.15 < 5.17.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.15 < 5.17.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.15 < 5.18 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.15 < 5.18"		en		Affected