Instituto Nacional de Ciberseguridad. INCIBE section
Instituto Nacional de Ciberseguridad. INCIBE-CERT section

CVE-2022-50743

Severity:
Pending analysis
Type:
Not available / Other type
Publication date:
24/12/2025
Last modified:
24/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

erofs: Fix pcluster memleak when its block address is zero

syzkaller reported a memleak:
https://syzkaller.appspot.com/bug?id=62f37ff612f0021641eda5b17f056f1668aa9aed

unreferenced object 0xffff88811009c7f8 (size 136):
...
backtrace:
[] z_erofs_do_read_page+0x99b/0x1740
[] z_erofs_readahead+0x24e/0x580
[] read_pages+0x86/0x3d0
...

syzkaller constructed a case: in z_erofs_register_pcluster(),
ztailpacking = false and map->m_pa = zero. This makes pcl->obj.index be
zero although pcl is not an inline pcluster.

Then the following path adds a refcount for grp, but the refcount won't be put
because pcl is inline.

z_erofs_readahead()
  z_erofs_do_read_page() # for another page
    z_erofs_collector_begin()
      erofs_find_workgroup()
        erofs_workgroup_get()

Since it's illegal for the block address of a non-inlined pcluster to
be zero, add a check here to avoid registering the pcluster which would
be leaked.
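
A simplified user-space model of the reference imbalance described above, added here as an example and not taken from the kernel source. All names (`register_pcl`, `find_get`, `put`, `leaked_refs`) and the one-slot tree are assumptions made for illustration; the `checked` flag stands in for the added validation.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Simplified model of the leak; every name here is hypothetical, not kernel code. */
struct pcl { unsigned long index; int refcount; };

static struct pcl *tree;      /* one-slot stand-in for the workgroup tree */

/* Mirrors the description: index == 0 is taken to mean "inline pcluster". */
static bool is_inline(const struct pcl *p) { return p->index == 0; }

/* Register a pcluster. With `checked`, a non-inline pcluster at block 0 is refused. */
static struct pcl *register_pcl(unsigned long blkaddr, bool tailpacking, bool checked)
{
    struct pcl *p;

    if (checked && !tailpacking && blkaddr == 0)
        return NULL;                      /* illegal layout: do not register */
    p = calloc(1, sizeof(*p));
    if (!p)
        return NULL;
    p->index = tailpacking ? 0 : blkaddr; /* blkaddr 0 collides with "inline" */
    if (!tailpacking)
        tree = p;                         /* only non-inline pclusters are shared */
    return p;
}

/* Another page finds the shared pcluster and takes a reference. */
static struct pcl *find_get(unsigned long blkaddr)
{
    if (!tree || tree->index != blkaddr)
        return NULL;
    tree->refcount++;
    return tree;
}

/* Drop the reference, unless the pcluster looks inline (no reference expected). */
static void put(struct pcl *p) { if (!is_inline(p)) p->refcount--; }

/* References left after one register + lookup/put cycle; -1 if registration is refused. */
int leaked_refs(unsigned long blkaddr, bool checked)
{
    struct pcl *p, *q; int left;
    tree = NULL;
    p = register_pcl(blkaddr, false, checked);
    if (!p) return -1;
    q = find_get(blkaddr);
    if (q) put(q);
    left = p->refcount;
    free(p); tree = NULL;
    return left;
}

int main(void) { return leaked_refs(0, true) == -1 ? 0 : 1; }
```

In this model a non-zero block address balances to zero outstanding references, block address zero without the check leaves one reference that is never dropped, and the check refuses the registration before any reference can be taken.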

Impact