CVE-2022-50811
Description
In the Linux kernel, the following vulnerability has been resolved:
erofs: fix missing unmap if z_erofs_get_extent_compressedlen() fails
Otherwise, meta buffers could be leaked.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A missing unmap operation in the Linux kernel's erofs filesystem when z_erofs_get_extent_compressedlen() fails can lead to leaked meta buffers.
Vulnerability Overview
In the Linux kernel's erofs (Enhanced Read-Only File System) implementation, when z_erofs_get_extent_compressedlen() fails, the error path omits the unmap of previously mapped meta buffers. The missing unmap is a resource leak: the kernel's buffers remain allocated and are not released, potentially causing memory exhaustion or other resource depletion issues.
Exploitation and Impact
The vulnerability is triggered when z_erofs_get_extent_compressedlen() returns an error. The function is called after meta buffers have been mapped, so the caller should unmap them on failure. Because of the missing unmap, the buffers stay mapped, and an attacker who can trigger this error path (e.g., by providing a malformed filesystem image) could cause the kernel to leak memory. The attack requires the ability to mount or access a crafted erofs image, which may be possible in scenarios where the attacker can supply a filesystem image to a system using erofs.
Mitigation
The fix was applied in the Linux kernel stable tree via commit 373b6f350aecf5dca2e7474f0b4ec8cca659f2f0 [1]. Users should update to a kernel version containing this commit to prevent the memory leak. No workaround is mentioned, but ensuring only trusted filesystem images are used can reduce exposure.
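The error-path pattern described above, as an added user-space C model (not the kernel's erofs code and not the fix commit's diff). `meta_buf`, `meta_map`, `meta_unmap`, `get_compressedlen_model`, both `map_extent_*` functions and `leaked_after` are hypothetical names, and treating a zero raw value as malformed is an assumption made for the demonstration.

```c
#include <errno.h>
#include <stdio.h>
/* Constructed user-space model; all names are hypothetical, not kernel code. */
struct meta_buf { int mapped; };   /* count of outstanding mappings */
static void meta_map(struct meta_buf *b)   { b->mapped++; }
static void meta_unmap(struct meta_buf *b) { if (b->mapped > 0) b->mapped--; }

/* Stand-in for the length lookup: returns a length, or -EINVAL for a zero raw value. */
static int get_compressedlen_model(unsigned int raw)
{
    return raw ? (int)(raw * 4096u) : -EINVAL;
}

/* "Before" shape: the early error return skips the unmap. */
static int map_extent_leaky(struct meta_buf *b, unsigned int raw)
{
    meta_map(b);
    int len = get_compressedlen_model(raw);
    if (len < 0)
        return len;                /* mapping is still held here */
    meta_unmap(b);
    return len;
}

/* "After" shape: failure jumps to the same exit label that unmaps. */
static int map_extent_fixed(struct meta_buf *b, unsigned int raw)
{
    meta_map(b);
    int len = get_compressedlen_model(raw);
    if (len < 0)
        goto unmap_out;
    /* later use of the mapped buffer would sit here */
unmap_out:
    meta_unmap(b);
    return len;
}

/* Run one variant on a fresh buffer and report mappings left outstanding. */
static int leaked_after(int (*fn)(struct meta_buf *, unsigned int), unsigned int raw)
{
    struct meta_buf b = {0};
    fn(&b, raw);
    return b.mapped;
}

int main(void)
{
    printf("leaky=%d fixed=%d\n", leaked_after(map_extent_leaky, 0), leaked_after(map_extent_fixed, 0));
    return 0;
}
```

Each failing call through the leaky variant leaves one mapping outstanding, which is why repeated hits on the error path accumulate.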
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 3
091a8ca572a2
373b6f350aec
d5d188b8f8b3
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References: 3
News mentions: 0
No linked articles in our index yet.