CVE-2022-50076

Summary

In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix memory leak on the deferred close

xfstests on smb21 report kmemleak as below:

unreferenced object 0xffff8881767d6200 (size 64): comm "xfs_io", pid 1284, jiffies 4294777434 (age 20.789s) hex dump (first 32 bytes): 80 5a d0 11 81 88 ff ff 78 8a aa 63 81 88 ff ff .Z……x..c…. 00 71 99 76 81 88 ff ff 00 00 00 00 00 00 00 00 .q.v………… backtrace: [<00000000ad04e6ea>] cifs_close+0x92/0x2c0 [<0000000028b93c82>] __fput+0xff/0x3f0 [<00000000d8116851>] task_work_run+0x85/0xc0 [<0000000027e14f9e>] do_exit+0x5e5/0x1240 [<00000000fb492b95>] do_group_exit+0x58/0xe0 [<00000000129a32d9>] __x64_sys_exit_group+0x28/0x30 [<00000000e3f7d8e9>] do_syscall_64+0x35/0x80 [<00000000102e8a0b>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

When cancel the deferred close work, we should also cleanup the struct cifs_deferred_close.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux9e992755be8f2d458a0bcbefd19e493483c1dba2 < 860efae127888ae535bc4eda1b7f27642727c69eaffected
LinuxLinux9e992755be8f2d458a0bcbefd19e493483c1dba2 < 60b6d38add7b9c17d6e5d49ee8e930ea1a5650c5affected
LinuxLinux9e992755be8f2d458a0bcbefd19e493483c1dba2 < ca08d0eac020d48a3141dbec0a3cf64fbdb17cdeaffected
LinuxLinux0ca6ac8a2691762307beaa4841255d1cfe6b2684affected
LinuxLinux5.13.12 < 5.14affected
LinuxLinux5.14affected
LinuxLinux0 < 5.14unaffected
LinuxLinux5.15.63 <= 5.15.*unaffected
LinuxLinux5.19.4 <= 5.19.*unaffected
LinuxLinux6.0 <= *unaffected

Weaknesses

References