
CVE-2022-49381: Vulnerability in Linux Linux

Medium
Published: Wed Feb 26 2025 (02/26/2025, 02:11:18 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

jffs2: fix memory leak in jffs2_do_fill_super

If jffs2_iget() or d_make_root() in jffs2_do_fill_super() returns an error, we can observe the following kmemleak report:

--------------------------------------------
unreferenced object 0xffff888105a65340 (size 64):
  comm "mount", pid 710, jiffies 4302851558 (age 58.239s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff859c45e5>] kmem_cache_alloc_trace+0x475/0x8a0
    [<ffffffff86160146>] jffs2_sum_init+0x96/0x1a0
    [<ffffffff86140e25>] jffs2_do_mount_fs+0x745/0x2120
    [<ffffffff86149fec>] jffs2_do_fill_super+0x35c/0x810
    [<ffffffff8614aae9>] jffs2_fill_super+0x2b9/0x3b0
    [...]
unreferenced object 0xffff8881bd7f0000 (size 65536):
  comm "mount", pid 710, jiffies 4302851558 (age 58.239s)
  hex dump (first 32 bytes):
    bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb  ................
    bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb  ................
  backtrace:
    [<ffffffff858579ba>] kmalloc_order+0xda/0x110
    [<ffffffff85857a11>] kmalloc_order_trace+0x21/0x130
    [<ffffffff859c2ed1>] __kmalloc+0x711/0x8a0
    [<ffffffff86160189>] jffs2_sum_init+0xd9/0x1a0
    [<ffffffff86140e25>] jffs2_do_mount_fs+0x745/0x2120
    [<ffffffff86149fec>] jffs2_do_fill_super+0x35c/0x810
    [<ffffffff8614aae9>] jffs2_fill_super+0x2b9/0x3b0
    [...]
--------------------------------------------

This is because the resources allocated in jffs2_sum_init() are not released. Call jffs2_sum_exit() to release these resources to solve the problem.

AI-Powered Analysis

Last updated: 06/30/2025, 06:40:58 UTC

Technical Analysis

CVE-2022-49381 is a vulnerability in the Linux kernel's JFFS2 (Journaling Flash File System version 2) implementation. The issue arises in jffs2_do_fill_super(), which is responsible for mounting the JFFS2 filesystem. When either the jffs2_iget() or the d_make_root() call within jffs2_do_fill_super() returns an error, allocated memory is not released, leading to a memory leak. The root cause is that resources allocated in jffs2_sum_init() are not freed if an error occurs during the mounting process. The fix invokes jffs2_sum_exit() to release these resources.

The vulnerability manifests as unreferenced kernel memory objects detected by kmemleak: blocks that remain allocated but are no longer referenced. The leak sizes can be significant, with examples showing allocations of 64 bytes and 65536 bytes leaking during failed mount attempts.

This vulnerability does not appear to have an associated CVSS score and no known exploits in the wild have been reported as of the publication date. The vulnerability affects Linux kernel versions identified by the commit hash e631ddba588783edd521c5a89f7b2902772fb691 and likely other versions containing the same code pattern.

Since JFFS2 is primarily used in embedded systems and devices with flash memory, the impact is mostly relevant to such environments rather than general-purpose Linux servers or desktops. The vulnerability could lead to gradual memory exhaustion in affected systems if an attacker or malfunctioning process repeatedly triggers mount failures on JFFS2 filesystems, potentially causing denial of service due to resource depletion. However, exploitation requires the ability to mount or remount JFFS2 filesystems, which typically requires privileged access or specific operational contexts.
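
The error path described above, as an added example (a user-space C model, not the kernel's code and not part of the original entry). model_sum_init(), model_sum_exit() and model_fill_super() are hypothetical stand-ins for the kernel functions; the 64- and 65536-byte sizes are the ones in the kmemleak report.

```c
/* Added example: user-space model of the error path, not kernel source.
 * model_* names are hypothetical; 64 and 65536 are the sizes in the report. */
#include <stdio.h>
#include <stdlib.h>
static size_t live_bytes;   /* held by model_sum_init(), not yet released */
struct model_sb { void *sum, *sum_buf; };

static void model_sum_init(struct model_sb *c)
{
    c->sum = calloc(1, 64);
    c->sum_buf = malloc(65536);
    if (!c->sum || !c->sum_buf) abort();   /* model only: no OOM handling */
    live_bytes += 64 + 65536;
}

static void model_sum_exit(struct model_sb *c)
{
    if (!c->sum) return;                   /* nothing held */
    free(c->sum); free(c->sum_buf);
    c->sum = c->sum_buf = NULL;
    live_bytes -= 64 + 65536;
}

/* root_ok == 0 stands for jffs2_iget() or d_make_root() returning an error. */
static int model_fill_super(struct model_sb *c, int root_ok, int fixed)
{
    model_sum_init(c);
    if (root_ok) return 0;                 /* mounted: summary state stays in use */
    if (fixed) model_sum_exit(c);          /* the release the fix adds */
    return -1;                             /* unfixed: memory is still held here */
}

/* Bytes still held after `attempts` failed mounts. */
size_t leaked_after(size_t attempts, int fixed)
{
    struct model_sb *sbs = calloc(attempts ? attempts : 1, sizeof(*sbs));
    if (!sbs) abort();
    live_bytes = 0;
    for (size_t i = 0; i < attempts; i++) model_fill_super(&sbs[i], 0, fixed);
    size_t leaked = live_bytes;            /* what a leak detector would see */
    for (size_t i = 0; i < attempts; i++) model_sum_exit(&sbs[i]); /* demo cleanup */
    free(sbs);
    return leaked;
}

int main(void)
{
    printf("unfixed: %zu, fixed: %zu\n", leaked_after(100, 0), leaked_after(100, 1));
    return 0;
}
```

In the model each failed mount on the unfixed path leaves 65,600 bytes held, so the total grows linearly with the number of failed attempts, while the fixed path returns to zero.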

Potential Impact

For European organizations, the impact of CVE-2022-49381 is primarily relevant to those using embedded Linux devices or specialized hardware running JFFS2 filesystems, such as industrial control systems, IoT devices, routers, or network appliances. Memory leaks in kernel space can degrade system stability and availability over time, potentially leading to denial of service conditions. This could disrupt critical infrastructure or industrial operations that rely on embedded Linux devices. However, the vulnerability does not directly expose confidentiality or integrity risks, as it is a resource management flaw rather than a code execution or privilege escalation vulnerability. The impact is thus mostly availability-related and may require sustained triggering to cause noticeable effects. European organizations with large deployments of embedded Linux devices or those in sectors like manufacturing, telecommunications, or critical infrastructure should be aware of this vulnerability. Since no known exploits exist in the wild, the immediate risk is low, but patching is recommended to prevent potential future exploitation or accidental system degradation.

Mitigation Recommendations

1. Apply the official Linux kernel patches that fix the memory leak by ensuring jffs2_sum_exit() is called to release allocated resources during mount failures. Monitor Linux kernel updates and backport patches to embedded device kernels where necessary.
2. For embedded device vendors and integrators, update firmware images to include the patched kernel version and distribute updates to end users.
3. Implement monitoring on embedded devices for abnormal memory usage or frequent JFFS2 mount failures to detect potential exploitation attempts or malfunctioning software.
4. Restrict access to mounting operations on JFFS2 filesystems to trusted administrators or processes to reduce the risk of repeated triggering.
5. Conduct regular audits of embedded Linux devices in the environment to identify those using JFFS2 and verify patch levels.
6. Consider alternative filesystems if feasible, especially in new deployments, to reduce reliance on JFFS2 where this vulnerability exists.
7. For critical infrastructure, implement redundancy and failover mechanisms to mitigate availability impacts from device instability.
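
For the patch-verification and monitoring steps above, an added example (not from the original entry or the kernel project) that totals the kmemleak objects whose backtrace names a given symbol. It assumes a test kernel built with CONFIG_DEBUG_KMEMLEAK and the backtrace line format shown in this entry's report; the embedded sample is constructed.

```c
/* Added example: totals kmemleak objects whose backtrace names a symbol. */
#include <stdio.h>
#include <string.h>
struct leak_total { unsigned count; unsigned long bytes; };

/* Constructed sample: this entry's two objects (abridged) plus one unrelated. */
static const char SAMPLE[] =
"unreferenced object 0xffff888105a65340 (size 64):\n"
"  comm \"mount\", pid 710, jiffies 4302851558 (age 58.239s)\n"
"  backtrace:\n"
"    [<ffffffff859c45e5>] kmem_cache_alloc_trace+0x475/0x8a0\n"
"    [<ffffffff86160146>] jffs2_sum_init+0x96/0x1a0\n"
"    [<ffffffff86140e25>] jffs2_do_mount_fs+0x745/0x2120\n"
"unreferenced object 0xffff8881bd7f0000 (size 65536):\n"
"  backtrace:\n"
"    [<ffffffff86160189>] jffs2_sum_init+0xd9/0x1a0\n"
"unreferenced object 0xffff000000000000 (size 128):\n"
"  backtrace:\n"
"    [<ffff000000000000>] unrelated_alloc+0x10/0x20\n";

struct leak_total sum_leaks(const char *report, const char *symbol)
{
    struct leak_total t = {0, 0};
    unsigned long size = 0;
    int pending = 0;              /* inside an object not yet attributed */
    char line[256], sym[128];
    while (*report) {
        size_t n = strcspn(report, "\n");
        size_t k = n < sizeof(line) - 1 ? n : sizeof(line) - 1;
        memcpy(line, report, k); line[k] = '\0';
        report += n + (report[n] == '\n');
        if (sscanf(line, "unreferenced object %*s (size %lu)", &size) == 1) {
            pending = 1;          /* header line starts a new object */
        } else if (pending && sscanf(line, " [<%*[^>]>] %127[^+ ]", sym) == 1 &&
                   strcmp(sym, symbol) == 0) {
            t.count++;            /* count each object once */
            t.bytes += size;
            pending = 0;
        }
    }
    return t;
}

int main(void)
{
    struct leak_total t = sum_leaks(SAMPLE, "jffs2_sum_init");
    printf("%u objects, %lu bytes from jffs2_sum_init\n", t.count, t.bytes);
    return 0;
}
```

On a test device the same function can be given the text read from /sys/kernel/debug/kmemleak after a failed JFFS2 mount; a patched kernel should show no objects attributed to jffs2_sum_init.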


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T02:08:31.559Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982dc4522896dcbe5869

Added to database: 5/21/2025, 9:09:01 AM

Last enriched: 6/30/2025, 6:40:58 AM

Last updated: 7/31/2025, 10:04:23 AM
