Name of the Vulnerable Software and Affected Versions:

Linux kernel (affected versions not specified)

Description:

A memory leak issue has been identified in the jffs2 file system. The leak occurs when an error is returned in `jffs2 scan eraseblock()` and some memory has been added to the `jffs2 summary *s`. This can lead to memory leaks, as observed in the kmemleak report. The issue is caused by the failure to release the memory added in `s` when an error occurs. To fix this, `jffs2 sum reset collected(s)` should be called on exit to release the memory. Additionally, a new tag "out buf" is added to prevent NULL pointer references.

Recommendations:

To resolve the issue, call `jffs2 sum reset collected(s)` on exit to release the memory added in `s`.

As a temporary workaround, consider disabling the `jffs2 scan medium()` function until a patch is available.

Restrict access to the `jffs2` file system to minimize the risk of exploitation.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.