Home

Description

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix memory leak in ocfs2_mount_volume() There is a memory leak reported by kmemleak: unreferenced object 0xffff88810cc65e60 (size 32): comm "mount.ocfs2", pid 23753, jiffies 4302528942 (age 34735.105s) hex dump (first 32 bytes): 10 00 00 00 00 00 00 00 00 01 01 01 01 01 01 01 ................ 01 01 01 01 01 01 01 01 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff8170f73d>] __kmalloc+0x4d/0x150 [<ffffffffa0ac3f51>] ocfs2_compute_replay_slots+0x121/0x330 [ocfs2] [<ffffffffa0b65165>] ocfs2_check_volume+0x485/0x900 [ocfs2] [<ffffffffa0b68129>] ocfs2_mount_volume.isra.0+0x1e9/0x650 [ocfs2] [<ffffffffa0b7160b>] ocfs2_fill_super+0xe0b/0x1740 [ocfs2] [<ffffffff818e1fe2>] mount_bdev+0x312/0x400 [<ffffffff819a086d>] legacy_get_tree+0xed/0x1d0 [<ffffffff818de82d>] vfs_get_tree+0x7d/0x230 [<ffffffff81957f92>] path_mount+0xd62/0x1760 [<ffffffff81958a5a>] do_mount+0xca/0xe0 [<ffffffff81958d3c>] __x64_sys_mount+0x12c/0x1a0 [<ffffffff82f26f15>] do_syscall_64+0x35/0x80 [<ffffffff8300006a>] entry_SYSCALL_64_after_hwframe+0x46/0xb0 This call stack is related to two problems. Firstly, the ocfs2 super uses "replay_map" to trace online/offline slots, in order to recover offline slots during recovery and mount. But when ocfs2_truncate_log_init() returns an error in ocfs2_mount_volume(), the memory of "replay_map" will not be freed in error handling path. Secondly, the memory of "replay_map" will not be freed if d_make_root() returns an error in ocfs2_fill_super(). But the memory of "replay_map" will be freed normally when completing recovery and mount in ocfs2_complete_mount_recovery(). Fix the first problem by adding error handling path to free "replay_map" when ocfs2_truncate_log_init() fails. And fix the second problem by calling ocfs2_free_replay_slots(osb) in the error handling path "out_dismount". In addition, since ocfs2_free_replay_slots() is static, it is necessary to remove its static attribute and declare it in header file.

PUBLISHED Reserved 2025-12-24 | Published 2025-12-24 | Updated 2025-12-24 | Assigner Linux

Product status

Default status
unaffected

9140db04ef185f934acf2b1b15b3dd5e6a6bfc22 (git) before 7ef516888c4d30ae41bfcd79e7077d86d92794c5
affected

9140db04ef185f934acf2b1b15b3dd5e6a6bfc22 (git) before 2b7e59ed2e77136e9360274f8f0fc208a003e95c
affected

9140db04ef185f934acf2b1b15b3dd5e6a6bfc22 (git) before 8059e200259e9c483d715fc2df6340c227c3e196
affected

9140db04ef185f934acf2b1b15b3dd5e6a6bfc22 (git) before 4efe1d2db731bad19891e2fb9b338724b1f598cc
affected

9140db04ef185f934acf2b1b15b3dd5e6a6bfc22 (git) before 50ab0ca3aff4da26037113d69f5a756d8c1a92cd
affected

9140db04ef185f934acf2b1b15b3dd5e6a6bfc22 (git) before ce2fcf1516d674a174d9b34d1e1024d64de9fba3
affected

Default status
affected

2.6.30
affected

Any version before 2.6.30
unaffected

5.4.229 (semver)
unaffected

5.10.163 (semver)
unaffected

5.15.107 (semver)
unaffected

6.0.16 (semver)
unaffected

6.1.2 (semver)
unaffected

6.2 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/7ef516888c4d30ae41bfcd79e7077d86d92794c5

git.kernel.org/...c/2b7e59ed2e77136e9360274f8f0fc208a003e95c

git.kernel.org/...c/8059e200259e9c483d715fc2df6340c227c3e196

git.kernel.org/...c/4efe1d2db731bad19891e2fb9b338724b1f598cc

git.kernel.org/...c/50ab0ca3aff4da26037113d69f5a756d8c1a92cd

git.kernel.org/...c/ce2fcf1516d674a174d9b34d1e1024d64de9fba3

cve.org (CVE-2022-50770)

nvd.nist.gov (CVE-2022-50770)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.