CVE-2022-49914

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, specifically in the btrfs module. The issue occurs during backref walking at resolve indirect refs(), where an error causes a jump to the 'out' label, leading to a call to ulist free() on the 'parents' ulist. However, this does not free any attached inode lists through the 'aux' field of a ulist node, resulting in a leak of these lists. The fix involves calling free leaf list() instead of ulist free() when exiting resolve indirect refs(). No information is provided about the estimated number of potentially affected devices or real-world incidents.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.