CVE-2022-49902

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory leak issue has been identified in the Linux kernel. The problem occurs when the device add disk() function fails, causing memory allocated in wbt enable default() to not be released. This results in a memory leak for rq wb. The issue is normally resolved by calling rq qos exit() to free the rq wb memory, but in the error path of device add disk(), only blk unregister queue() is called, leading to the memory leak. The memory leak was reported by kmemleak in device add disk().

Recommendations To resolve the issue, rq qos exit() should be added to the error path of device add disk() to ensure the rq wb memory is properly released. As a temporary workaround, consider disabling the wbt init() function until a patch is available. Restrict access to the device add disk() function to minimize the risk of exploitation. Avoid using the rq wb variable in the affected code path until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.