In the Linux kernel, a memory leak vulnerability has been identified and resolved, specifically impacting the jffs2_do_fill_super() function. This issue has been assigned the CVE Identifier of CVE-2022-49381.
The vulnerability, addressed by the patch "jffs2: Fix Memory Leak in jffs2_do_fill_super", was discovered when an error was encountered in the jffs2_iget() or d_make_root() functions. This error led to the following kmemleak report:
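To provide a deeper understanding, let's take a look at the relevant code snippet (simplified pseudocode of the fixed error path):
    jffs2_do_fill_super() {
        ...
        // An error in jffs2_iget() or d_make_root() takes this branch
        if (jffs2_iget() || d_make_root()) {
            // Call jffs2_sum_exit() to release the resources
            // that jffs2_sum_init() allocated
            jffs2_sum_exit();
            ...
        }
        ...
    }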
The issue occurs because resources allocated in the jffs2_sum_init() function are not released when jffs2_do_fill_super() fails on this error path. To fix the problem, jffs2_sum_exit() should be called on that path to release these resources.
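The error path described above can be modelled in userspace. This is an added example, not the kernel's code or the patch itself: model_sum_init(), model_sum_exit(), model_fill_super(), the out_err label and the live_allocs counter are hypothetical stand-ins, with the counter playing the role of kmemleak.

```c
#include <stdio.h>
#include <stdlib.h>

static int live_allocs;   /* stand-in for kmemleak: allocations not yet freed */
struct sb_model { void *summary; };
enum fail_at { FAIL_NONE, FAIL_IGET, FAIL_MAKE_ROOT };
static int model_sum_init(struct sb_model *c)    /* models jffs2_sum_init() */
{
    c->summary = malloc(64);
    live_allocs += (c->summary != NULL);
    return c->summary ? 0 : -1;
}

static void model_sum_exit(struct sb_model *c)   /* models jffs2_sum_exit() */
{
    live_allocs -= (c->summary != NULL);
    free(c->summary);            /* free(NULL) is a no-op, so a second call is safe */
    c->summary = NULL;
}

/* Models jffs2_do_fill_super(); 'patched' selects the fixed error path. */
static int model_fill_super(struct sb_model *c, enum fail_at fail, int patched)
{
    if (model_sum_init(c))
        return -1;
    if (fail == FAIL_IGET || fail == FAIL_MAKE_ROOT)
        goto out_err;            /* jffs2_iget() or d_make_root() failed */
    return 0;                    /* mounted: state is released at unmount */
out_err:
    if (patched)
        model_sum_exit(c);       /* the release the fix adds */
    return -1;
}

/* Allocations still live after one failed mount attempt (0 = no leak). */
static int leaked_after_failure(enum fail_at fail, int patched)
{
    struct sb_model c = { 0 };
    model_fill_super(&c, fail, patched);
    int leaked = live_allocs;    /* counter is 0 before every attempt */
    model_sum_exit(&c);          /* demo-only cleanup of the model */
    return leaked;
}

int main(void)
{
    printf("leaked: %d unpatched, %d patched\n",
           leaked_after_failure(FAIL_IGET, 0), leaked_after_failure(FAIL_IGET, 1));
    return 0;
}
```

Each failed mount attempt on the unpatched path strands one allocation, which is why repeated mount failures accumulate leaked memory until reboot.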
For more information, see the original references:
- JFFS2: Fix Memory Leak in jffs2_do_fill_super Patch by Dinghao Liu
- Linux Kernel Mailing List - Kernel Bug Report
For a comprehensive understanding of the Linux kernel patching process and the identified vulnerability, the following resources are recommended:
1. Linux kernel source code: Linux Source Code
2. Linux Kernel Mailing List (LKML) - The place to find patches and bug reports for the Linux kernel: LKML
3. JFFS2 (Journaling Flash File System) Documentation: JFFS2 Documentation
In summary, the memory leak vulnerability in the Linux kernel's jffs2_do_fill_super() function has been resolved, and the patch addressing CVE-2022-49381 has been released. By applying the patch, users of the Linux kernel can protect their systems from this memory leak, which improves system stability and performance.
Timeline
Published on: 02/26/2025 07:01:14 UTC
Last modified on: 04/14/2025 20:38:11 UTC