CVE-2022-49408

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-49408
In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in parse_apply_sb_mount_options() If processing the on-disk mount options fails after any memory was allocated in the ext4_fs_context, e.g. s_qf_names, then this memory is leaked. Fix this by calling ext4_fc_free() instead of kfree() directly. Reproducer: mkfs.ext4 -F /dev/vdc tune2fs /dev/vdc -E mount_opts=usrjquota=file echo clear > /sys/kernel/debug/kmemleak mount /dev/vdc /vdc echo scan > /sys/kernel/debug/kmemleak sleep 5 echo scan > /sys/kernel/debug/kmemleak cat /sys/kernel/debug/kmemleak

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/9ea3e6168948189cec31d0678d2b55b395f88491 Patch
https://git.kernel.org/stable/c/c069db76ed7b681c69159f44be96d2137e9ca989 Patch
https://git.kernel.org/stable/c/f92ded66e9d0aa20b883a2a5183973abc8f41815 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

17 Apr 2025, 20:29

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: se corrige la pérdida de memoria en parse_apply_sb_mount_options() Si el procesamiento de las opciones de montaje en disco falla después de que se haya asignado memoria en ext4_fs_context, por ejemplo, s_qf_names, entonces se produce una pérdida de memoria. Corrija esto llamando a ext4_fc_free() en lugar de kfree() directamente. Reproductor: mkfs.ext4 -F /dev/vdc tune2fs /dev/vdc -E mount_opts=usrjquota=file echo clear > /sys/kernel/debug/kmemleak mount /dev/vdc /vdc echo scan > /sys/kernel/debug/kmemleak sleep 5 echo scan > /sys/kernel/debug/kmemleak cat /sys/kernel/debug/kmemleak
First Time Linux linux Kernel
Linux
CWE CWE-401
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
References () https://git.kernel.org/stable/c/9ea3e6168948189cec31d0678d2b55b395f88491 - () https://git.kernel.org/stable/c/9ea3e6168948189cec31d0678d2b55b395f88491 - Patch
References () https://git.kernel.org/stable/c/c069db76ed7b681c69159f44be96d2137e9ca989 - () https://git.kernel.org/stable/c/c069db76ed7b681c69159f44be96d2137e9ca989 - Patch
References () https://git.kernel.org/stable/c/f92ded66e9d0aa20b883a2a5183973abc8f41815 - () https://git.kernel.org/stable/c/f92ded66e9d0aa20b883a2a5183973abc8f41815 - Patch

26 Feb 2025, 07:01

Type Values Removed Values Added
New CVE
Information

Published : 2025-02-26 07:01

Updated : 2025-04-17 20:29

NVD link : CVE-2022-49408

Mitre link : CVE-2022-49408

CVE.ORG link : CVE-2022-49408

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-401

Missing Release of Memory after Effective Lifetime