CVE-2022-49408

If processing the on-disk mount options fails after any memory was allocated in the ext4fscontext, e.g. sqfnames, then this memory is leaked. Fix this by calling ext4fcfree() instead of kfree() directly.

Reproducer:

mkfs.ext4 -F /dev/vdc
tune2fs /dev/vdc -E mount_opts=usrjquota=file
echo clear > /sys/kernel/debug/kmemleak
mount /dev/vdc /vdc
echo scan > /sys/kernel/debug/kmemleak
sleep 5
echo scan > /sys/kernel/debug/kmemleak
cat /sys/kernel/debug/kmemleak

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

7edfd85b1ffd36593011dec96ab395912a340418

Fixed

9ea3e6168948189cec31d0678d2b55b395f88491

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

7edfd85b1ffd36593011dec96ab395912a340418

Fixed

f92ded66e9d0aa20b883a2a5183973abc8f41815

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

7edfd85b1ffd36593011dec96ab395912a340418

Fixed

c069db76ed7b681c69159f44be96d2137e9ca989

Affected versions

v5.*

v5.16

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.17.1

v5.17.10

v5.17.11

v5.17.12

v5.17.13

v5.17.2

v5.17.3

v5.17.4

v5.17.5

v5.17.6

v5.17.7

v5.17.8

v5.17.9

v5.18

v5.18-rc1

v5.18-rc2

v5.18-rc3

v5.18-rc4

v5.18-rc5

v5.18-rc6

v5.18-rc7

v5.18.1

v5.18.2

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.17.0

Fixed

5.17.14

Type: ECOSYSTEM
Events: Introduced

5.18.0

Fixed

5.18.3