lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <2025022631-CVE-2022-49277-ff2c@gregkh>
Date: Wed, 26 Feb 2025 02:58:02 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2022-49277: jffs2: fix memory leak in jffs2_do_mount_fs

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

jffs2: fix memory leak in jffs2_do_mount_fs

If jffs2_build_filesystem() in jffs2_do_mount_fs() returns an error,
we can observe the following kmemleak report:

--------------------------------------------
unreferenced object 0xffff88811b25a640 (size 64):
  comm "mount", pid 691, jiffies 4294957728 (age 71.952s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffffa493be24>] kmem_cache_alloc_trace+0x584/0x880
    [<ffffffffa5423a06>] jffs2_sum_init+0x86/0x130
    [<ffffffffa5400e58>] jffs2_do_mount_fs+0x798/0xac0
    [<ffffffffa540acf3>] jffs2_do_fill_super+0x383/0xc30
    [<ffffffffa540c00a>] jffs2_fill_super+0x2ea/0x4c0
    [...]
unreferenced object 0xffff88812c760000 (size 65536):
  comm "mount", pid 691, jiffies 4294957728 (age 71.952s)
  hex dump (first 32 bytes):
    bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb  ................
    bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb  ................
  backtrace:
    [<ffffffffa493a449>] __kmalloc+0x6b9/0x910
    [<ffffffffa5423a57>] jffs2_sum_init+0xd7/0x130
    [<ffffffffa5400e58>] jffs2_do_mount_fs+0x798/0xac0
    [<ffffffffa540acf3>] jffs2_do_fill_super+0x383/0xc30
    [<ffffffffa540c00a>] jffs2_fill_super+0x2ea/0x4c0
    [...]
--------------------------------------------

This is because the resources allocated in jffs2_sum_init() are not
released. Call jffs2_sum_exit() to release these resources to solve
the problem.

The Linux kernel CVE team has assigned CVE-2022-49277 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 4.9.311 with commit 2a9d8184458562e6bf2f40d0e677fc85e2dd3834
	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 4.14.276 with commit 9a0f6610c7daedd2eace430beeb08a8b7ac80699
	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 4.19.238 with commit dbe0d0521eaa6a3d235517319266c539bb5c5112
	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 5.4.189 with commit 0978e9af4559a171ac7a74a1b3ef21804b0a0fa9
	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 5.10.110 with commit 607d3aab7349f18e0d9dba4100d09d16fe27caca
	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 5.15.33 with commit 4392e8aeebc5a4f8073620bccba7de1b1f6d7c88
	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 5.16.19 with commit 5f34310d1376ca5b2ed798258def2c2ab3cc6699
	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 5.17.2 with commit c94128470e6fe53d9bd9d16d2d3271813f9d37af
	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 5.18 with commit d051cef784de4d54835f6b6836d98a8f6935772c

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49277
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	fs/jffs2/build.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/2a9d8184458562e6bf2f40d0e677fc85e2dd3834
	https://git.kernel.org/stable/c/9a0f6610c7daedd2eace430beeb08a8b7ac80699
	https://git.kernel.org/stable/c/dbe0d0521eaa6a3d235517319266c539bb5c5112
	https://git.kernel.org/stable/c/0978e9af4559a171ac7a74a1b3ef21804b0a0fa9
	https://git.kernel.org/stable/c/607d3aab7349f18e0d9dba4100d09d16fe27caca
	https://git.kernel.org/stable/c/4392e8aeebc5a4f8073620bccba7de1b1f6d7c88
	https://git.kernel.org/stable/c/5f34310d1376ca5b2ed798258def2c2ab3cc6699
	https://git.kernel.org/stable/c/c94128470e6fe53d9bd9d16d2d3271813f9d37af
	https://git.kernel.org/stable/c/d051cef784de4d54835f6b6836d98a8f6935772c

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ