jffs2: fix memory leak in jffs2_do_fill_super 漏洞信息(CVE-2022-49381)

一、漏洞 CVE-2022-49381 基础信息

AIGC 神龙大模型
美国国家漏洞数据库 NVD

漏洞标题

jffs2:修复jffs2_do_fill_super中的内存泄漏问题

来源：AIGC 神龙大模型

漏洞描述信息

N/A

来源：AIGC 神龙大模型

CVSS信息

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

来源：AIGC 神龙大模型

漏洞类别

在移除最后引用时对内存的释放不恰当(内存泄露)

来源：AIGC 神龙大模型

漏洞标题

jffs2: fix memory leak in jffs2_do_fill_super

来源：美国国家漏洞数据库 NVD

漏洞描述信息

In the Linux kernel, the following vulnerability has been resolved: jffs2: fix memory leak in jffs2_do_fill_super If jffs2_iget() or d_make_root() in jffs2_do_fill_super() returns an error, we can observe the following kmemleak report: -------------------------------------------- unreferenced object 0xffff888105a65340 (size 64): comm "mount", pid 710, jiffies 4302851558 (age 58.239s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff859c45e5>] kmem_cache_alloc_trace+0x475/0x8a0 [<ffffffff86160146>] jffs2_sum_init+0x96/0x1a0 [<ffffffff86140e25>] jffs2_do_mount_fs+0x745/0x2120 [<ffffffff86149fec>] jffs2_do_fill_super+0x35c/0x810 [<ffffffff8614aae9>] jffs2_fill_super+0x2b9/0x3b0 [...] unreferenced object 0xffff8881bd7f0000 (size 65536): comm "mount", pid 710, jiffies 4302851558 (age 58.239s) hex dump (first 32 bytes): bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................ bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................ backtrace: [<ffffffff858579ba>] kmalloc_order+0xda/0x110 [<ffffffff85857a11>] kmalloc_order_trace+0x21/0x130 [<ffffffff859c2ed1>] __kmalloc+0x711/0x8a0 [<ffffffff86160189>] jffs2_sum_init+0xd9/0x1a0 [<ffffffff86140e25>] jffs2_do_mount_fs+0x745/0x2120 [<ffffffff86149fec>] jffs2_do_fill_super+0x35c/0x810 [<ffffffff8614aae9>] jffs2_fill_super+0x2b9/0x3b0 [...] -------------------------------------------- This is because the resources allocated in jffs2_sum_init() are not released. Call jffs2_sum_exit() to release these resources to solve the problem.

来源：美国国家漏洞数据库 NVD

CVSS信息

N/A

来源：美国国家漏洞数据库 NVD

漏洞类别

N/A

来源：美国国家漏洞数据库 NVD

二、漏洞 CVE-2022-49381 的公开POC

#	POC 描述	源链接	神龙链接

三、漏洞 CVE-2022-49381 的情报信息

标题： jffs2: fix memory leak in jffs2_do_fill_super - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

标签：
标题： jffs2: fix memory leak in jffs2_do_fill_super - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

标签：
标题： jffs2: fix memory leak in jffs2_do_fill_super - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

标签：
标题： jffs2: fix memory leak in jffs2_do_fill_super - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

标签：
标题： jffs2: fix memory leak in jffs2_do_fill_super - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

标签：
标题： jffs2: fix memory leak in jffs2_do_fill_super - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

标签：
标题： jffs2: fix memory leak in jffs2_do_fill_super - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

标签：
标题： jffs2: fix memory leak in jffs2_do_fill_super - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

标签：
标题： jffs2: fix memory leak in jffs2_do_fill_super - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

标签：
https://nvd.nist.gov/vuln/detail/CVE-2022-49381