cve/published/2022/CVE-2022-49277.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-49277: jffs2: fix memory leak in jffs2_do_mount_fs

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 jffs2: fix memory leak in jffs2_do_mount_fs

 If jffs2_build_filesystem() in jffs2_do_mount_fs() returns an error,
 we can observe the following kmemleak report:

 --------------------------------------------
 unreferenced object 0xffff88811b25a640 (size 64):
   comm "mount", pid 691, jiffies 4294957728 (age 71.952s)
   hex dump (first 32 bytes):
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
   backtrace:
     [<ffffffffa493be24>] kmem_cache_alloc_trace+0x584/0x880
     [<ffffffffa5423a06>] jffs2_sum_init+0x86/0x130
     [<ffffffffa5400e58>] jffs2_do_mount_fs+0x798/0xac0
     [<ffffffffa540acf3>] jffs2_do_fill_super+0x383/0xc30
     [<ffffffffa540c00a>] jffs2_fill_super+0x2ea/0x4c0
     [...]
 unreferenced object 0xffff88812c760000 (size 65536):
   comm "mount", pid 691, jiffies 4294957728 (age 71.952s)
   hex dump (first 32 bytes):
     bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb  ................
     bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb  ................
   backtrace:
     [<ffffffffa493a449>] __kmalloc+0x6b9/0x910
     [<ffffffffa5423a57>] jffs2_sum_init+0xd7/0x130
     [<ffffffffa5400e58>] jffs2_do_mount_fs+0x798/0xac0
     [<ffffffffa540acf3>] jffs2_do_fill_super+0x383/0xc30
     [<ffffffffa540c00a>] jffs2_fill_super+0x2ea/0x4c0
     [...]
 --------------------------------------------

 This is because the resources allocated in jffs2_sum_init() are not
 released. Call jffs2_sum_exit() to release these resources to solve
 the problem.

 The Linux kernel CVE team has assigned CVE-2022-49277 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 4.9.311 with commit 2a9d8184458562e6bf2f40d0e677fc85e2dd3834
 	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 4.14.276 with commit 9a0f6610c7daedd2eace430beeb08a8b7ac80699
 	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 4.19.238 with commit dbe0d0521eaa6a3d235517319266c539bb5c5112
 	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 5.4.189 with commit 0978e9af4559a171ac7a74a1b3ef21804b0a0fa9
 	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 5.10.110 with commit 607d3aab7349f18e0d9dba4100d09d16fe27caca
 	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 5.15.33 with commit 4392e8aeebc5a4f8073620bccba7de1b1f6d7c88
 	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 5.16.19 with commit 5f34310d1376ca5b2ed798258def2c2ab3cc6699
 	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 5.17.2 with commit c94128470e6fe53d9bd9d16d2d3271813f9d37af
 	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 5.18 with commit d051cef784de4d54835f6b6836d98a8f6935772c

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-49277
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	fs/jffs2/build.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/2a9d8184458562e6bf2f40d0e677fc85e2dd3834
 	https://git.kernel.org/stable/c/9a0f6610c7daedd2eace430beeb08a8b7ac80699
 	https://git.kernel.org/stable/c/dbe0d0521eaa6a3d235517319266c539bb5c5112
 	https://git.kernel.org/stable/c/0978e9af4559a171ac7a74a1b3ef21804b0a0fa9
 	https://git.kernel.org/stable/c/607d3aab7349f18e0d9dba4100d09d16fe27caca
 	https://git.kernel.org/stable/c/4392e8aeebc5a4f8073620bccba7de1b1f6d7c88
 	https://git.kernel.org/stable/c/5f34310d1376ca5b2ed798258def2c2ab3cc6699
 	https://git.kernel.org/stable/c/c94128470e6fe53d9bd9d16d2d3271813f9d37af
 	https://git.kernel.org/stable/c/d051cef784de4d54835f6b6836d98a8f6935772c
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-49277: jffs2: fix memory leak in jffs2_do_mount_fs

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	jffs2: fix memory leak in jffs2_do_mount_fs

	If jffs2_build_filesystem() in jffs2_do_mount_fs() returns an error,
	we can observe the following kmemleak report:

	--------------------------------------------
	unreferenced object 0xffff88811b25a640 (size 64):
	comm "mount", pid 691, jiffies 4294957728 (age 71.952s)
	hex dump (first 32 bytes):
	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
	00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
	backtrace:
	[<ffffffffa493be24>] kmem_cache_alloc_trace+0x584/0x880
	[<ffffffffa5423a06>] jffs2_sum_init+0x86/0x130
	[<ffffffffa5400e58>] jffs2_do_mount_fs+0x798/0xac0
	[<ffffffffa540acf3>] jffs2_do_fill_super+0x383/0xc30
	[<ffffffffa540c00a>] jffs2_fill_super+0x2ea/0x4c0
	[...]
	unreferenced object 0xffff88812c760000 (size 65536):
	comm "mount", pid 691, jiffies 4294957728 (age 71.952s)
	hex dump (first 32 bytes):
	bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................
	bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................
	backtrace:
	[<ffffffffa493a449>] __kmalloc+0x6b9/0x910
	[<ffffffffa5423a57>] jffs2_sum_init+0xd7/0x130
	[<ffffffffa5400e58>] jffs2_do_mount_fs+0x798/0xac0
	[<ffffffffa540acf3>] jffs2_do_fill_super+0x383/0xc30
	[<ffffffffa540c00a>] jffs2_fill_super+0x2ea/0x4c0
	[...]
	--------------------------------------------

	This is because the resources allocated in jffs2_sum_init() are not
	released. Call jffs2_sum_exit() to release these resources to solve
	the problem.

	The Linux kernel CVE team has assigned CVE-2022-49277 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 4.9.311 with commit 2a9d8184458562e6bf2f40d0e677fc85e2dd3834
	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 4.14.276 with commit 9a0f6610c7daedd2eace430beeb08a8b7ac80699
	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 4.19.238 with commit dbe0d0521eaa6a3d235517319266c539bb5c5112
	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 5.4.189 with commit 0978e9af4559a171ac7a74a1b3ef21804b0a0fa9
	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 5.10.110 with commit 607d3aab7349f18e0d9dba4100d09d16fe27caca
	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 5.15.33 with commit 4392e8aeebc5a4f8073620bccba7de1b1f6d7c88
	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 5.16.19 with commit 5f34310d1376ca5b2ed798258def2c2ab3cc6699
	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 5.17.2 with commit c94128470e6fe53d9bd9d16d2d3271813f9d37af
	Issue introduced in 2.6.15 with commit e631ddba588783edd521c5a89f7b2902772fb691 and fixed in 5.18 with commit d051cef784de4d54835f6b6836d98a8f6935772c

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49277
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	fs/jffs2/build.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/2a9d8184458562e6bf2f40d0e677fc85e2dd3834
	https://git.kernel.org/stable/c/9a0f6610c7daedd2eace430beeb08a8b7ac80699
	https://git.kernel.org/stable/c/dbe0d0521eaa6a3d235517319266c539bb5c5112
	https://git.kernel.org/stable/c/0978e9af4559a171ac7a74a1b3ef21804b0a0fa9
	https://git.kernel.org/stable/c/607d3aab7349f18e0d9dba4100d09d16fe27caca
	https://git.kernel.org/stable/c/4392e8aeebc5a4f8073620bccba7de1b1f6d7c88
	https://git.kernel.org/stable/c/5f34310d1376ca5b2ed798258def2c2ab3cc6699
	https://git.kernel.org/stable/c/c94128470e6fe53d9bd9d16d2d3271813f9d37af
	https://git.kernel.org/stable/c/d051cef784de4d54835f6b6836d98a8f6935772c