CVE-2022-49381: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49381 is a memory leak vulnerability discovered in the Linux kernel's JFFS2 (Journalling Flash File System version 2) implementation. The vulnerability was identified in the jffs2dofillsuper function, where resources allocated in jffs2sum_init() are not properly released when certain error conditions occur during mount operations (Kernel Git).

The vulnerability occurs when either jffs2iget() or dmakeroot() in jffs2dofillsuper() returns an error. The issue manifests as unreferenced memory objects, specifically one of size 64 bytes and another of size 65536 bytes, which are allocated but not properly freed. The memory leak can be observed through kmemleak reports showing these unreferenced objects being allocated during mount operations (Kernel Git).

The vulnerability results in memory leaks during mount operations of JFFS2 filesystems. When triggered, the system gradually loses available memory as the resources allocated in jffs2suminit() are not properly released. This can lead to reduced system performance and potential resource exhaustion over time (NVD).

The issue has been fixed by adding a call to jffs2sumexit() to release the resources when errors occur. The fix was implemented in the Linux kernel through a patch that properly handles resource cleanup in error paths. Users should update to a patched version of the kernel that includes this fix (Kernel Git).