medium
5.5
CWE
401
Advisory Published
Updated

CVE-2022-49381: jffs2: fix memory leak in jffs2_do_fill_super

First published: Wed Feb 26 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: jffs2: fix memory leak in jffs2_do_fill_super If jffs2_iget() or d_make_root() in jffs2_do_fill_super() returns an error, we can observe the following kmemleak report: -------------------------------------------- unreferenced object 0xffff888105a65340 (size 64): comm "mount", pid 710, jiffies 4302851558 (age 58.239s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff859c45e5>] kmem_cache_alloc_trace+0x475/0x8a0 [<ffffffff86160146>] jffs2_sum_init+0x96/0x1a0 [<ffffffff86140e25>] jffs2_do_mount_fs+0x745/0x2120 [<ffffffff86149fec>] jffs2_do_fill_super+0x35c/0x810 [<ffffffff8614aae9>] jffs2_fill_super+0x2b9/0x3b0 [...] unreferenced object 0xffff8881bd7f0000 (size 65536): comm "mount", pid 710, jiffies 4302851558 (age 58.239s) hex dump (first 32 bytes): bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................ bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................ backtrace: [<ffffffff858579ba>] kmalloc_order+0xda/0x110 [<ffffffff85857a11>] kmalloc_order_trace+0x21/0x130 [<ffffffff859c2ed1>] __kmalloc+0x711/0x8a0 [<ffffffff86160189>] jffs2_sum_init+0xd9/0x1a0 [<ffffffff86140e25>] jffs2_do_mount_fs+0x745/0x2120 [<ffffffff86149fec>] jffs2_do_fill_super+0x35c/0x810 [<ffffffff8614aae9>] jffs2_fill_super+0x2b9/0x3b0 [...] -------------------------------------------- This is because the resources allocated in jffs2_sum_init() are not released. Call jffs2_sum_exit() to release these resources to solve the problem.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel
Linux Kernel>=2.6.15<4.9.318
Linux Kernel>=4.10<4.14.283
Linux Kernel>=4.15<4.19.247
Linux Kernel>=4.20<5.4.198
Linux Kernel>=5.5<5.10.122
Linux Kernel>=5.11<5.15.47
Linux Kernel>=5.16<5.17.15
Linux Kernel>=5.18<5.18.4

Remedy

https://git.kernel.org/stable/c/28048a4cf3813b7cf5cc8cce629dfdc7951cb1c2

Remedy

https://git.kernel.org/stable/c/3252d327f977b14663a10967f3b0930d6c325687

Remedy

https://git.kernel.org/stable/c/4ba7bbeab8009faf3a726e565d98816593ddd5b0

Remedy

https://git.kernel.org/stable/c/4da8763a3d2b684c773b72ed80fad40bc264bc40

Remedy

https://git.kernel.org/stable/c/69295267c481545f636b69ff341b8db75aa136b9

Remedy

https://git.kernel.org/stable/c/c14adb1cf70a984ed081c67e9d27bc3caad9537c

Remedy

https://git.kernel.org/stable/c/cf9db013e167bc8fc2ecd7a13ed97a37df0c9dab

Remedy

https://git.kernel.org/stable/c/d3a4fff1e7e408c32649030daa7c2c42a7e19a95

Remedy

https://git.kernel.org/stable/c/ecc53e58596542791e82eff00702f8af7a313f70

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2022-49381?

    The severity of CVE-2022-49381 is classified as moderate due to its potential impact on system stability.

  • How do I fix CVE-2022-49381?

    To fix CVE-2022-49381, you should update the Linux Kernel to a version that includes the patches addressing this vulnerability.

  • Which Linux Kernel versions are affected by CVE-2022-49381?

    CVE-2022-49381 affects various Linux Kernel versions between 2.6.15 and 5.18.4.

  • Is CVE-2022-49381 a memory leak vulnerability?

    Yes, CVE-2022-49381 involves a memory leak in the jffs2 file system implementation of the Linux Kernel.

  • What components in the Linux Kernel are impacted by CVE-2022-49381?

    The components impacted by CVE-2022-49381 are the jffs2 file system functions, specifically jffs2_do_fill_super, jffs2_iget, and d_make_root.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203