CVE-2022-50835

Root

Cause The vulnerability resides in the Linux kernel's jbd2 journaling subsystem within the fc_do_one_pass() function. During fast commit processing, a buffer head is obtained but not released after use, resulting in a reference count leak [1]. This omission prevents the kernel from properly freeing the buffer memory, leading to a gradual memory leak over time.

Attack

Vector Local exploitation is possible by triggering the fast commit path of the jbd2 journaling layer. An attacker with unprivileged access to the system can repeatedly invoke filesystem operations that engage fast commits, causing the reference count leak to accumulate. No special network position or authentication beyond local access is required.

Impact

A successful attack gradually depletes system memory, potentially leading to denial-of-service (DoS) conditions. The memory leak reduces available memory for other processes and can eventually cause system instability or crashes if memory exhaustion occurs. The vulnerability does not provide code execution or privilege escalation directly.

Mitigation

Patches have been applied to the Linux kernel stable trees to address this issue [1][2]. Users should update to the latest stable kernel version that includes the fix. There is no known workaround other than applying the kernel update.