CVE-2022-49277

jffs2: fix memory leak in jffs2_do_mount_fs

Description

In the Linux kernel, the following vulnerability has been resolved: jffs2: fix memory leak in jffs2_do_mount_fs If jffs2_build_filesystem() in jffs2_do_mount_fs() returns an error, we can observe the following kmemleak report: -------------------------------------------- unreferenced object 0xffff88811b25a640 (size 64): comm "mount", pid 691, jiffies 4294957728 (age 71.952s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffffa493be24>] kmem_cache_alloc_trace+0x584/0x880 [<ffffffffa5423a06>] jffs2_sum_init+0x86/0x130 [<ffffffffa5400e58>] jffs2_do_mount_fs+0x798/0xac0 [<ffffffffa540acf3>] jffs2_do_fill_super+0x383/0xc30 [<ffffffffa540c00a>] jffs2_fill_super+0x2ea/0x4c0 [...] unreferenced object 0xffff88812c760000 (size 65536): comm "mount", pid 691, jiffies 4294957728 (age 71.952s) hex dump (first 32 bytes): bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................ bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................ backtrace: [<ffffffffa493a449>] __kmalloc+0x6b9/0x910 [<ffffffffa5423a57>] jffs2_sum_init+0xd7/0x130 [<ffffffffa5400e58>] jffs2_do_mount_fs+0x798/0xac0 [<ffffffffa540acf3>] jffs2_do_fill_super+0x383/0xc30 [<ffffffffa540c00a>] jffs2_fill_super+0x2ea/0x4c0 [...] -------------------------------------------- This is because the resources allocated in jffs2_sum_init() are not released. Call jffs2_sum_exit() to release these resources to solve the problem.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/2a9d8184458562e6bf2f40d0e677fc85e2dd3834 patch
https://git.kernel.org/stable/c/9a0f6610c7daedd2eace430beeb08a8b7ac80699 patch
https://git.kernel.org/stable/c/dbe0d0521eaa6a3d235517319266c539bb5c5112 patch
https://git.kernel.org/stable/c/0978e9af4559a171ac7a74a1b3ef21804b0a0fa9 patch
https://git.kernel.org/stable/c/607d3aab7349f18e0d9dba4100d09d16fe27caca patch
https://git.kernel.org/stable/c/4392e8aeebc5a4f8073620bccba7de1b1f6d7c88 patch
https://git.kernel.org/stable/c/5f34310d1376ca5b2ed798258def2c2ab3cc6699 patch
https://git.kernel.org/stable/c/c94128470e6fe53d9bd9d16d2d3271813f9d37af patch
https://git.kernel.org/stable/c/d051cef784de4d54835f6b6836d98a8f6935772c patch

Frequently Asked Questions

What is the severity of CVE-2022-49277?
CVE-2022-49277 has been scored as a medium severity vulnerability.
How to fix CVE-2022-49277?
To fix CVE-2022-49277, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49277 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49277 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49277?
CVE-2022-49277 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.