{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-49276","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-02-26T01:49:39.298Z","datePublished":"2025-02-26T01:56:20.559Z","dateUpdated":"2025-10-01T19:47:01.833Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:33:59.667Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: fix memory leak in jffs2_scan_medium\n\nIf an error is returned in jffs2_scan_eraseblock() and some memory\nhas been added to the jffs2_summary *s, we can observe the following\nkmemleak report:\n\n--------------------------------------------\nunreferenced object 0xffff88812b889c40 (size 64):\n  comm \"mount\", pid 692, jiffies 4294838325 (age 34.288s)\n  hex dump (first 32 bytes):\n    40 48 b5 14 81 88 ff ff 01 e0 31 00 00 00 50 00  @H........1...P.\n    00 00 01 00 00 00 01 00 00 00 02 00 00 00 09 08  ................\n  backtrace:\n    [<ffffffffae93a3a3>] __kmalloc+0x613/0x910\n    [<ffffffffaf423b9c>] jffs2_sum_add_dirent_mem+0x5c/0xa0\n    [<ffffffffb0f3afa8>] jffs2_scan_medium.cold+0x36e5/0x4794\n    [<ffffffffb0f3dbe1>] jffs2_do_mount_fs.cold+0xa7/0x2267\n    [<ffffffffaf40acf3>] jffs2_do_fill_super+0x383/0xc30\n    [<ffffffffaf40c00a>] jffs2_fill_super+0x2ea/0x4c0\n    [<ffffffffb0315d64>] mtd_get_sb+0x254/0x400\n    [<ffffffffb0315f5f>] mtd_get_sb_by_nr+0x4f/0xd0\n    [<ffffffffb0316478>] get_tree_mtd+0x498/0x840\n    [<ffffffffaf40bd15>] jffs2_get_tree+0x25/0x30\n    [<ffffffffae9f358d>] vfs_get_tree+0x8d/0x2e0\n    [<ffffffffaea7a98f>] path_mount+0x50f/0x1e50\n    [<ffffffffaea7c3d7>] do_mount+0x107/0x130\n    [<ffffffffaea7c5c5>] __se_sys_mount+0x1c5/0x2f0\n    [<ffffffffaea7c917>] __x64_sys_mount+0xc7/0x160\n    [<ffffffffb10142f5>] do_syscall_64+0x45/0x70\nunreferenced object 0xffff888114b54840 (size 32):\n  comm \"mount\", pid 692, jiffies 4294838325 (age 34.288s)\n  hex dump (first 32 bytes):\n    c0 75 b5 14 81 88 ff ff 02 e0 02 00 00 00 02 00  .u..............\n    00 00 84 00 00 00 44 00 00 00 6b 6b 6b 6b 6b a5  ......D...kkkkk.\n  backtrace:\n    [<ffffffffae93be24>] kmem_cache_alloc_trace+0x584/0x880\n    [<ffffffffaf423b04>] jffs2_sum_add_inode_mem+0x54/0x90\n    [<ffffffffb0f3bd44>] jffs2_scan_medium.cold+0x4481/0x4794\n    [...]\nunreferenced object 0xffff888114b57280 (size 32):\n  comm \"mount\", pid 692, jiffies 4294838393 (age 34.357s)\n  hex dump (first 32 bytes):\n    10 d5 6c 11 81 88 ff ff 08 e0 05 00 00 00 01 00  ..l.............\n    00 00 38 02 00 00 28 00 00 00 6b 6b 6b 6b 6b a5  ..8...(...kkkkk.\n  backtrace:\n    [<ffffffffae93be24>] kmem_cache_alloc_trace+0x584/0x880\n    [<ffffffffaf423c34>] jffs2_sum_add_xattr_mem+0x54/0x90\n    [<ffffffffb0f3a24f>] jffs2_scan_medium.cold+0x298c/0x4794\n    [...]\nunreferenced object 0xffff8881116cd510 (size 16):\n  comm \"mount\", pid 692, jiffies 4294838395 (age 34.355s)\n  hex dump (first 16 bytes):\n    00 00 00 00 00 00 00 00 09 e0 60 02 00 00 6b a5  ..........`...k.\n  backtrace:\n    [<ffffffffae93be24>] kmem_cache_alloc_trace+0x584/0x880\n    [<ffffffffaf423cc4>] jffs2_sum_add_xref_mem+0x54/0x90\n    [<ffffffffb0f3b2e3>] jffs2_scan_medium.cold+0x3a20/0x4794\n    [...]\n--------------------------------------------\n\nTherefore, we should call jffs2_sum_reset_collected(s) on exit to\nrelease the memory added in s. In addition, a new tag \"out_buf\" is\nadded to prevent the NULL pointer reference caused by s being NULL.\n(thanks to Zhang Yi for this analysis)"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/jffs2/scan.c"],"versions":[{"version":"e631ddba588783edd521c5a89f7b2902772fb691","lessThan":"9b0c69182f09b70779817af4dcf89780955d5c4c","status":"affected","versionType":"git"},{"version":"e631ddba588783edd521c5a89f7b2902772fb691","lessThan":"b36bccb04e14cc0c1e2d0e92d477fe220314fad6","status":"affected","versionType":"git"},{"version":"e631ddba588783edd521c5a89f7b2902772fb691","lessThan":"e711913463af916d777a4873068f415f1fe2ad33","status":"affected","versionType":"git"},{"version":"e631ddba588783edd521c5a89f7b2902772fb691","lessThan":"455f4a23490bfcbedc8e5c245c463a59b19e5ddd","status":"affected","versionType":"git"},{"version":"e631ddba588783edd521c5a89f7b2902772fb691","lessThan":"51dbb5e36d59f62e34d462b801c1068248149cfe","status":"affected","versionType":"git"},{"version":"e631ddba588783edd521c5a89f7b2902772fb691","lessThan":"52ba0ab4f0a606f02a6163493378989faa1ec10a","status":"affected","versionType":"git"},{"version":"e631ddba588783edd521c5a89f7b2902772fb691","lessThan":"b26bbc0c122cad038831f226a4cb4de702225e16","status":"affected","versionType":"git"},{"version":"e631ddba588783edd521c5a89f7b2902772fb691","lessThan":"82462324bf35b6b553400af1c1aa265069cee28f","status":"affected","versionType":"git"},{"version":"e631ddba588783edd521c5a89f7b2902772fb691","lessThan":"9cdd3128874f5fe759e2c4e1360ab7fb96a8d1df","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/jffs2/scan.c"],"versions":[{"version":"2.6.15","status":"affected"},{"version":"0","lessThan":"2.6.15","status":"unaffected","versionType":"semver"},{"version":"4.9.311","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.276","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.238","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.189","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.110","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.33","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.16.19","lessThanOrEqual":"5.16.*","status":"unaffected","versionType":"semver"},{"version":"5.17.2","lessThanOrEqual":"5.17.*","status":"unaffected","versionType":"semver"},{"version":"5.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.15","versionEndExcluding":"4.9.311"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.15","versionEndExcluding":"4.14.276"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.15","versionEndExcluding":"4.19.238"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.15","versionEndExcluding":"5.4.189"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.15","versionEndExcluding":"5.10.110"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.15","versionEndExcluding":"5.15.33"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.15","versionEndExcluding":"5.16.19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.15","versionEndExcluding":"5.17.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.15","versionEndExcluding":"5.18"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/9b0c69182f09b70779817af4dcf89780955d5c4c"},{"url":"https://git.kernel.org/stable/c/b36bccb04e14cc0c1e2d0e92d477fe220314fad6"},{"url":"https://git.kernel.org/stable/c/e711913463af916d777a4873068f415f1fe2ad33"},{"url":"https://git.kernel.org/stable/c/455f4a23490bfcbedc8e5c245c463a59b19e5ddd"},{"url":"https://git.kernel.org/stable/c/51dbb5e36d59f62e34d462b801c1068248149cfe"},{"url":"https://git.kernel.org/stable/c/52ba0ab4f0a606f02a6163493378989faa1ec10a"},{"url":"https://git.kernel.org/stable/c/b26bbc0c122cad038831f226a4cb4de702225e16"},{"url":"https://git.kernel.org/stable/c/82462324bf35b6b553400af1c1aa265069cee28f"},{"url":"https://git.kernel.org/stable/c/9cdd3128874f5fe759e2c4e1360ab7fb96a8d1df"}],"title":"jffs2: fix memory leak in jffs2_scan_medium","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2022-49276","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2025-10-01T19:45:34.710725Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-401","description":"CWE-401 Missing Release of Memory after Effective Lifetime"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-01T19:47:01.833Z"}}]}}