CVE-2022-49913

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/05/2025
Last modified:
12/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix inode list leak during backref walking at find_parent_nodes()

During backref walking, at find_parent_nodes(), if we are dealing with a data extent and we get an error while resolving the indirect backrefs, at resolve_indirect_refs(), or in the while loop that iterates over the refs in the direct refs rbtree, we end up leaking the inode lists attached to the direct refs we have in the direct refs rbtree that were not yet added to the refs ulist passed as argument to find_parent_nodes(). Since they were not yet added to the refs ulist and prelim_release() does not free the lists, on error the caller can only free the lists attached to the refs that were added to the refs ulist, all the remaining refs get their inode lists never freed, therefore leaking their memory.

Fix this by having prelim_release() always free any attached inode list to each ref found in the rbtree, and have find_parent_nodes() set the ref's inode list to NULL once it transfers ownership of the inode list to a ref added to the refs ulist passed to find_parent_nodes().
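The ownership rule described above, modelled in user space as an added example. This is not the kernel patch or btrfs code; every name in it (`pending_release`, `walk_and_count_leaks`, the `fixed` switch, the array-based containers) is a hypothetical stand-in for the rbtree, the refs ulist and prelim_release().

```c
#include <stdlib.h>

/* User-space model of the ownership bug; every name here is hypothetical. */
struct inode_list { int inum; };
struct ref { struct inode_list *inode_list; };   /* entry in the pending set */

static int live_lists;                           /* inode lists currently allocated */

static struct inode_list *list_alloc(int inum)
{
    struct inode_list *l = malloc(sizeof(*l));
    if (l) { l->inum = inum; live_lists++; }
    return l;
}

static void list_free(struct inode_list *l)
{
    if (l) { live_lists--; free(l); }
}

/* Release the pending set; only the fixed variant frees attached lists. */
static void pending_release(struct ref *refs, int n, int fixed)
{
    for (int i = 0; i < n; i++) {
        if (fixed)
            list_free(refs[i].inode_list);
        refs[i].inode_list = NULL;
    }
}

/* Move refs to the caller's output, failing at index fail_at (-1: no error).
 * Returns how many inode lists remain allocated after all cleanup ran. */
int walk_and_count_leaks(int n, int fail_at, int fixed)
{
    struct ref refs[8];
    struct inode_list *out[8];                   /* lists now owned by the caller */
    int moved = 0;

    n = n > 8 ? 8 : n;
    live_lists = 0;
    for (int i = 0; i < n; i++)
        refs[i].inode_list = list_alloc(100 + i);
    for (int i = 0; i < n && i != fail_at; i++) {
        out[moved++] = refs[i].inode_list;       /* ownership transfer */
        if (fixed)
            refs[i].inode_list = NULL;           /* else release would double free */
    }
    pending_release(refs, n, fixed);
    for (int i = 0; i < moved; i++)
        list_free(out[i]);                       /* caller frees what it received */
    return live_lists;
}
```

With `fixed` set to 0 an error partway through leaves every not-yet-transferred list allocated; with `fixed` set to 1 the release path frees them and the NULL assignment keeps the transferred ones from being freed twice.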

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.14 (including) 5.4.224 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5 (including) 5.10.154 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.78 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.0.8 (excluding)
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*