Executive Summary

Informations
Name CVE-2022-49276 First vendor Publication 2025-02-26
Vendor Cve Last vendor Modification 2025-04-14

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 5.5
Base Score 5.5 Environmental Score 5.5
impact SubScore 3.6 Temporal Score 5.5
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

jffs2: fix memory leak in jffs2_scan_medium

If an error is returned in jffs2_scan_eraseblock() and some memory has been added to the jffs2_summary *s, we can observe the following kmemleak report:

-------------------------------------------- unreferenced object 0xffff88812b889c40 (size 64):
comm "mount", pid 692, jiffies 4294838325 (age 34.288s)
hex dump (first 32 bytes):
40 48 b5 14 81 88 ff ff 01 e0 31 00 00 00 50 00 @H........1...P.
00 00 01 00 00 00 01 00 00 00 02 00 00 00 09 08 ................
backtrace:
[] __kmalloc+0x613/0x910
[] jffs2_sum_add_dirent_mem+0x5c/0xa0
[] jffs2_scan_medium.cold+0x36e5/0x4794
[] jffs2_do_mount_fs.cold+0xa7/0x2267
[] jffs2_do_fill_super+0x383/0xc30
[] jffs2_fill_super+0x2ea/0x4c0
[] mtd_get_sb+0x254/0x400
[] mtd_get_sb_by_nr+0x4f/0xd0
[] get_tree_mtd+0x498/0x840
[] jffs2_get_tree+0x25/0x30
[] vfs_get_tree+0x8d/0x2e0
[] path_mount+0x50f/0x1e50
[] do_mount+0x107/0x130
[] __se_sys_mount+0x1c5/0x2f0
[] __x64_sys_mount+0xc7/0x160
[] do_syscall_64+0x45/0x70 unreferenced object 0xffff888114b54840 (size 32):
comm "mount", pid 692, jiffies 4294838325 (age 34.288s)
hex dump (first 32 bytes):
c0 75 b5 14 81 88 ff ff 02 e0 02 00 00 00 02 00 .u..............
00 00 84 00 00 00 44 00 00 00 6b 6b 6b 6b 6b a5 ......D...kkkkk.
backtrace:
[] kmem_cache_alloc_trace+0x584/0x880
[] jffs2_sum_add_inode_mem+0x54/0x90
[] jffs2_scan_medium.cold+0x4481/0x4794
[...] unreferenced object 0xffff888114b57280 (size 32):
comm "mount", pid 692, jiffies 4294838393 (age 34.357s)
hex dump (first 32 bytes):
10 d5 6c 11 81 88 ff ff 08 e0 05 00 00 00 01 00 ..l.............
00 00 38 02 00 00 28 00 00 00 6b 6b 6b 6b 6b a5 ..8...(...kkkkk.
backtrace:
[] kmem_cache_alloc_trace+0x584/0x880
[] jffs2_sum_add_xattr_mem+0x54/0x90
[] jffs2_scan_medium.cold+0x298c/0x4794
[...] unreferenced object 0xffff8881116cd510 (size 16):
comm "mount", pid 692, jiffies 4294838395 (age 34.355s)
hex dump (first 16 bytes):
00 00 00 00 00 00 00 00 09 e0 60 02 00 00 6b a5 ..........`...k.
backtrace:
[] kmem_cache_alloc_trace+0x584/0x880
[] jffs2_sum_add_xref_mem+0x54/0x90
[] jffs2_scan_medium.cold+0x3a20/0x4794
[...] --------------------------------------------

Therefore, we should call jffs2_sum_reset_collected(s) on exit to release the memory added in s. In addition, a new tag "out_buf" is added to prevent the NULL pointer reference caused by s being NULL. (thanks to Zhang Yi for this analysis)

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49276

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory Leak')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 7
Os 3527

Sources (Detail)

https://git.kernel.org/stable/c/455f4a23490bfcbedc8e5c245c463a59b19e5ddd
https://git.kernel.org/stable/c/51dbb5e36d59f62e34d462b801c1068248149cfe
https://git.kernel.org/stable/c/52ba0ab4f0a606f02a6163493378989faa1ec10a
https://git.kernel.org/stable/c/82462324bf35b6b553400af1c1aa265069cee28f
https://git.kernel.org/stable/c/9b0c69182f09b70779817af4dcf89780955d5c4c
https://git.kernel.org/stable/c/9cdd3128874f5fe759e2c4e1360ab7fb96a8d1df
https://git.kernel.org/stable/c/b26bbc0c122cad038831f226a4cb4de702225e16
https://git.kernel.org/stable/c/b36bccb04e14cc0c1e2d0e92d477fe220314fad6
https://git.kernel.org/stable/c/e711913463af916d777a4873068f415f1fe2ad33
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
Date Informations
2025-06-26 02:09:27
  • Multiple Updates
2025-06-25 12:22:17
  • Multiple Updates
2025-06-24 02:14:03
  • Multiple Updates
2025-05-27 02:09:39
  • Multiple Updates
2025-02-26 17:20:32
  • First insertion