CVE-2022-50451

EUVD-2025-32842
In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Fix memory leak on ntfs_fill_super() error path

syzbot reported kmemleak as below:

BUG: memory leak
unreferenced object 0xffff8880122f1540 (size 32):
  comm "a.out", pid 6664, jiffies 4294939771 (age 25.500s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 ed ff ed ff 00 00 00 00  ................
  backtrace:
    [<ffffffff81b16052>] ntfs_init_fs_context+0x22/0x1c0
    [<ffffffff8164aaa7>] alloc_fs_context+0x217/0x430
    [<ffffffff81626dd4>] path_mount+0x704/0x1080
    [<ffffffff81627e7c>] __x64_sys_mount+0x18c/0x1d0
    [<ffffffff84593e14>] do_syscall_64+0x34/0xb0
    [<ffffffff84600087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

This patch fixes this issue by freeing mount options on error path of
ntfs_fill_super().
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
5.15 ≤
𝑥
< 5.15.87
linuxlinux_kernel
5.16 ≤
𝑥
< 6.0.17
linuxlinux_kernel
6.1 ≤
𝑥
< 6.1.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.153-1
fixed
bullseye
vulnerable
bullseye (security)
vulnerable
forky
6.16.8-1
fixed
sid
6.16.9-1
fixed
trixie
6.12.43-1
fixed
trixie (security)
6.12.48-1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/2600c80ea7b39f987c3fa89287e73d62e322bbbd
https://git.kernel.org/stable/c/2dd9ccfb06bcdad30ad92d96c3affa38a458679e
https://git.kernel.org/stable/c/51e76a232f8c037f1d9e9922edc25b003d5f3414
https://git.kernel.org/stable/c/ff0df7d9cdbb12878155168b5234e99029e5377f