CVE-2022-49912

medium

Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix ulist leaks in error paths of qgroup self tests In the test_no_shared_qgroup() and test_multiple_refs() qgroup self tests, if we fail to add the tree ref, remove the extent item or remove the extent ref, we are returning from the test function without freeing the "old_roots" ulist that was allocated by the previous calls to btrfs_find_all_roots(). Fix that by calling ulist_free() before returning.

References

https://git.kernel.org/stable/c/f46ea5fa3320dca4fe0c0926b49a5f14cb85de62

https://git.kernel.org/stable/c/da7003434bcab0ae9aba3f2c003e734cae093326

https://git.kernel.org/stable/c/d81370396025cf63a7a1b5f8bb25a3479203b2ca

https://git.kernel.org/stable/c/d37de92b38932d40e4a251e876cc388f9aee5f42

https://git.kernel.org/stable/c/5d1a47ebf84540e40b5b43fc21aef0d6c0f627d9

https://git.kernel.org/stable/c/3f58283d83a588ff5da62fc150de19e798ed2ec2

https://git.kernel.org/stable/c/203204798831c35d855ecc6417d98267d2d2184b

https://git.kernel.org/stable/c/0a0dead4ad1a2e2a9bdf133ef45111d7c8daef84

Details

Source: Mitre, NVD

Published: 2025-05-01

Updated: 2025-05-02

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00024