CVE-2022-49408

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

n the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in parse_apply_sb_mount_options() If processing the on-disk mount options fails after any memory was allocated in the ext4_fs_context, e.g. s_qf_names, then this memory is leaked. Fix this by calling ext4_fc_free() instead of kfree() directly. Reproducer: mkfs.ext4 -F /dev/vdc tune2fs /dev/vdc -E mount_opts=usrjquota=file echo clear > /sys/kernel/debug/kmemleak mount /dev/vdc /vdc echo scan > /sys/kernel/debug/kmemleak sleep 5 echo scan > /sys/kernel/debug/kmemleak cat /sys/kernel/debug/kmemleak

References

Link	Resource
https://git.kernel.org/stable/c/9ea3e6168948189cec31d0678d2b55b395f88491	Patch
https://git.kernel.org/stable/c/c069db76ed7b681c69159f44be96d2137e9ca989	Patch
https://git.kernel.org/stable/c/f92ded66e9d0aa20b883a2a5183973abc8f41815	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

17 Apr 2025, 20:29

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: se corrige la pérdida de memoria en parse_apply_sb_mount_options() Si el procesamiento de las opciones de montaje en disco falla después de que se haya asignado memoria en ext4_fs_context, por ejemplo, s_qf_names, entonces se produce una pérdida de memoria. Corrija esto llamando a ext4_fc_free() en lugar de kfree() directamente. Reproductor: mkfs.ext4 -F /dev/vdc tune2fs /dev/vdc -E mount_opts=usrjquota=file echo clear > /sys/kernel/debug/kmemleak mount /dev/vdc /vdc echo scan > /sys/kernel/debug/kmemleak sleep 5 echo scan > /sys/kernel/debug/kmemleak cat /sys/kernel/debug/kmemleak
References	~~() https://git.kernel.org/stable/c/9ea3e6168948189cec31d0678d2b55b395f88491 -~~	() https://git.kernel.org/stable/c/9ea3e6168948189cec31d0678d2b55b395f88491 - Patch
References	~~() https://git.kernel.org/stable/c/c069db76ed7b681c69159f44be96d2137e9ca989 -~~	() https://git.kernel.org/stable/c/c069db76ed7b681c69159f44be96d2137e9ca989 - Patch
References	~~() https://git.kernel.org/stable/c/f92ded66e9d0aa20b883a2a5183973abc8f41815 -~~	() https://git.kernel.org/stable/c/f92ded66e9d0aa20b883a2a5183973abc8f41815 - Patch
CPE		cpe:2.3:o:linux:linux_kernel::::::::
First Time		Linux linux Kernel Linux
CWE		CWE-401
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

26 Feb 2025, 07:01

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-26 07:01

Updated : 2025-10-01 21:15

NVD link : CVE-2022-49408

Mitre link : CVE-2022-49408

CVE.ORG link : CVE-2022-49408

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10