CVE-2022-49276

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory leak issue has been identified in the jffs2 file system. The leak occurs when an error is returned in jffs2 scan eraseblock() and some memory has been added to the jffs2 summary *s. This can lead to memory leaks, as observed in the kmemleak report. The issue is caused by the failure to release the memory added in s when an error occurs. To fix this, jffs2 sum reset collected(s) should be called on exit to release the memory. Additionally, a new tag "out buf" is added to prevent NULL pointer references.

Recommendations To resolve the issue, call jffs2 sum reset collected(s) on exit to release the memory added in s. As a temporary workaround, consider disabling the jffs2 scan medium() function until a patch is available. Restrict access to the jffs2 file system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.