PT-2025-18630 · Linux+2 · Linux Kernel+2

Published: 2022-11-02 · Updated: 2025-11-12 · CVE-2022-49913

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A memory leak issue has been identified in the Linux kernel, specifically in the btrfs file system. The leak occurs during backref walking at find_parent_nodes(), when dealing with a data extent and an error is encountered while resolving indirect backrefs. This results in the inode lists attached to the direct refs in the direct refs rbtree not being freed, leading to a memory leak. The issue is resolved by modifying the prelim_release() function to always free any attached inode list to each ref found in the rbtree, and having find_parent_nodes() set the ref's inode list to NULL once it transfers ownership of the inode list to a ref added to the refs ulist.

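The ownership rule described above, as an added user-space sketch (not the kernel's code and not part of the original advisory): the release path always frees an attached list, and the hand-off clears the ref's pointer so the list has exactly one owner. All names here (`ref_release`, `transfer_to_ulist`, `walk`, the structs) are hypothetical stand-ins, and the `always_free` flag exists only to contrast the leaky and fixed behaviour.

```c
#include <stdlib.h>
/* User-space model of the ownership rule; hypothetical names, not kernel code. */
struct inode_elem { struct inode_elem *next; };
struct ref { struct inode_elem *inode_list; };  /* models a direct ref */
struct ulist_node { struct inode_elem *aux; };  /* models a refs ulist entry */
static int live_allocs;                         /* nodes currently allocated */
static struct inode_elem *inode_list_new(int n) {
    struct inode_elem *head = NULL;
    while (n-- > 0) {
        struct inode_elem *e = malloc(sizeof(*e));
        if (!e) abort();
        e->next = head; head = e; live_allocs++;
    }
    return head;
}
static void inode_list_free(struct inode_elem *e) {
    while (e) {
        struct inode_elem *next = e->next;
        free(e); live_allocs--;
        e = next;
    }
}
/* Release a ref: always_free=0 models the leaky behaviour, 1 the fixed one. */
static void ref_release(struct ref *r, int always_free) {
    if (always_free) inode_list_free(r->inode_list);
    r->inode_list = NULL;
}

/* Hand the list to the ulist entry and clear the ref's pointer so that
 * ref_release() cannot free it a second time. */
static void transfer_to_ulist(struct ref *r, struct ulist_node *u) {
    u->aux = r->inode_list;
    r->inode_list = NULL;
}

/* Error hits after `handed_off` transfers; returns nodes leaked by cleanup. */
static int walk(int handed_off, int always_free) {
    live_allocs = 0;
    struct ref refs[2] = { { inode_list_new(3) }, { inode_list_new(2) } };
    struct ulist_node out[2] = { { NULL }, { NULL } };
    for (int i = 0; i < 2 && i < handed_off; i++)
        transfer_to_ulist(&refs[i], &out[i]);
    for (int i = 0; i < 2; i++) {
        ref_release(&refs[i], always_free);  /* rbtree cleanup */
        inode_list_free(out[i].aux);         /* ulist owner's cleanup */
    }
    return live_allocs;
}

int main(void) { return walk(0, 1); }
```

With `always_free` set to 0, any list that was never handed off stays allocated after cleanup; with it set to 1, every error point cleans up fully and nothing is freed twice.
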
Recommendations

To resolve this issue, update the Linux kernel to a version that includes the fix for the memory leak in the btrfs file system. Specifically, ensure that the prelim_release() function always frees any attached inode list to each ref found in the rbtree, and that find_parent_nodes() sets the ref's inode list to NULL once it transfers ownership of the inode list to a ref added to the refs ulist. As a temporary workaround, consider disabling the find_parent_nodes() function until a patch is available. However, since the exact affected versions are not specified, it is crucial to apply the fix to all potentially vulnerable versions of the Linux kernel. At the moment, there is no information about a newer version that contains a fix for this vulnerability, so applying the mentioned modifications to the code is necessary to mitigate the issue.

Exploit

Fix

Infinite Loop

Memory Leak

Weakness Enumeration

Related Identifiers

BDU:2026-03733
CVE-2022-49913
SUSE-SU-2025:01983-1
SUSE-SU-2025_01983-1

Affected Products

Astra Linux
Linux Kernel
Suse