CVE-2022-49550

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

I

n the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: provide block_invalidate_folio to fix memory leak The ntfs3 filesystem lacks the 'invalidate_folio' method and it causes memory leak. If you write to the filesystem and then unmount it, the cached written data are not freed and they are permanently leaked.

References

Link	Resource
https://git.kernel.org/stable/c/0753245a72ec99824677586499ee2e0919164b3f	Patch
https://git.kernel.org/stable/c/724bbe49c5e427cb077357d72d240a649f2e4054	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

10 Mar 2025, 21:23

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Linux Linux linux Kernel
CWE		CWE-401
CPE		cpe:2.3:o:linux:linux_kernel::::::::
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/ntfs3: proporcionar block_invalidate_folio para reparar la pérdida de memoria El sistema de archivos ntfs3 carece del método 'invalidate_folio' y provoca una pérdida de memoria. Si escribe en el sistema de archivos y luego lo desmonta, los datos escritos en caché no se liberan y se filtran de forma permanente.
References	~~() https://git.kernel.org/stable/c/0753245a72ec99824677586499ee2e0919164b3f -~~	() https://git.kernel.org/stable/c/0753245a72ec99824677586499ee2e0919164b3f - Patch
References	~~() https://git.kernel.org/stable/c/724bbe49c5e427cb077357d72d240a649f2e4054 -~~	() https://git.kernel.org/stable/c/724bbe49c5e427cb077357d72d240a649f2e4054 - Patch

26 Feb 2025, 07:01

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-26 07:01

Updated : 2025-10-01 21:15

NVD link : CVE-2022-49550

Mitre link : CVE-2022-49550

CVE.ORG link : CVE-2022-49550

JSON object : View

Products Affected

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

{"id": "CVE-2022-49550", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-02-26T07:01:30.863", "references": [{"url": "https://git.kernel.org/stable/c/0753245a72ec99824677586499ee2e0919164b3f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/724bbe49c5e427cb077357d72d240a649f2e4054", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-401"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: provide block_invalidate_folio to fix memory leak\n\nThe ntfs3 filesystem lacks the 'invalidate_folio' method and it causes\nmemory leak. If you write to the filesystem and then unmount it, the\ncached written data are not freed and they are permanently leaked."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/ntfs3: proporcionar block_invalidate_folio para reparar la p\u00e9rdida de memoria El sistema de archivos ntfs3 carece del m\u00e9todo 'invalidate_folio' y provoca una p\u00e9rdida de memoria. Si escribe en el sistema de archivos y luego lo desmonta, los datos escritos en cach\u00e9 no se liberan y se filtran de forma permanente."}], "lastModified": "2025-10-01T21:15:41.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E122216-2E9E-4B3E-B7B8-D575A45BA3C2", "versionEndExcluding": "5.18.3", "versionStartIncluding": "5.18"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}