medium
5.5
CWE
401
Advisory Published
Updated

CVE-2022-49277: jffs2: fix memory leak in jffs2_do_mount_fs

First published: Wed Feb 26 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: jffs2: fix memory leak in jffs2_do_mount_fs If jffs2_build_filesystem() in jffs2_do_mount_fs() returns an error, we can observe the following kmemleak report: -------------------------------------------- unreferenced object 0xffff88811b25a640 (size 64): comm "mount", pid 691, jiffies 4294957728 (age 71.952s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffffa493be24>] kmem_cache_alloc_trace+0x584/0x880 [<ffffffffa5423a06>] jffs2_sum_init+0x86/0x130 [<ffffffffa5400e58>] jffs2_do_mount_fs+0x798/0xac0 [<ffffffffa540acf3>] jffs2_do_fill_super+0x383/0xc30 [<ffffffffa540c00a>] jffs2_fill_super+0x2ea/0x4c0 [...] unreferenced object 0xffff88812c760000 (size 65536): comm "mount", pid 691, jiffies 4294957728 (age 71.952s) hex dump (first 32 bytes): bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................ bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................ backtrace: [<ffffffffa493a449>] __kmalloc+0x6b9/0x910 [<ffffffffa5423a57>] jffs2_sum_init+0xd7/0x130 [<ffffffffa5400e58>] jffs2_do_mount_fs+0x798/0xac0 [<ffffffffa540acf3>] jffs2_do_fill_super+0x383/0xc30 [<ffffffffa540c00a>] jffs2_fill_super+0x2ea/0x4c0 [...] -------------------------------------------- This is because the resources allocated in jffs2_sum_init() are not released. Call jffs2_sum_exit() to release these resources to solve the problem.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel
Linux Kernel>=2.6.15<4.9.311
Linux Kernel>=4.10<4.14.276
Linux Kernel>=4.15<4.19.238
Linux Kernel>=4.20<5.4.189
Linux Kernel>=5.5<5.10.110
Linux Kernel>=5.11<5.15.33
Linux Kernel>=5.16<5.16.19
Linux Kernel>=5.17<5.17.2

Remedy

https://git.kernel.org/stable/c/0978e9af4559a171ac7a74a1b3ef21804b0a0fa9

Remedy

https://git.kernel.org/stable/c/2a9d8184458562e6bf2f40d0e677fc85e2dd3834

Remedy

https://git.kernel.org/stable/c/4392e8aeebc5a4f8073620bccba7de1b1f6d7c88

Remedy

https://git.kernel.org/stable/c/5f34310d1376ca5b2ed798258def2c2ab3cc6699

Remedy

https://git.kernel.org/stable/c/607d3aab7349f18e0d9dba4100d09d16fe27caca

Remedy

https://git.kernel.org/stable/c/9a0f6610c7daedd2eace430beeb08a8b7ac80699

Remedy

https://git.kernel.org/stable/c/c94128470e6fe53d9bd9d16d2d3271813f9d37af

Remedy

https://git.kernel.org/stable/c/d051cef784de4d54835f6b6836d98a8f6935772c

Remedy

https://git.kernel.org/stable/c/dbe0d0521eaa6a3d235517319266c539bb5c5112

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2022-49277?

    CVE-2022-49277 has a moderate severity level due to its potential impact on memory management in the Linux kernel.

  • How do I fix CVE-2022-49277?

    To mitigate CVE-2022-49277, upgrade to a patched version of the Linux kernel that addresses the memory leak issue.

  • What versions of the Linux kernel are affected by CVE-2022-49277?

    CVE-2022-49277 affects various versions of the Linux kernel, specifically those prior to the updated patches.

  • Can CVE-2022-49277 cause system crashes?

    While CVE-2022-49277 primarily involves memory management, it may potentially lead to instability in certain situations.

  • Is CVE-2022-49277 specific to certain Linux distributions?

    CVE-2022-49277 can affect any Linux distribution running the vulnerable versions of the Linux kernel, not limited to specific distributions.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203