CVE-2022-49902 in Linux
Summary
by MITRE • 05/01/2025
In the Linux kernel, the following vulnerability has been resolved:
block: Fix possible memory leak for rq_wb on add_disk failure
kmemleak reported memory leaks in device_add_disk():
kmemleak: 3 new suspected memory leaks
unreferenced object 0xffff88800f420800 (size 512): comm "modprobe", pid 4275, jiffies 4295639067 (age 223.512s) hex dump (first 32 bytes): 04 00 00 00 08 00 00 00 01 00 00 00 00 00 00 00 ................ 00 e1 f5 05 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] kmalloc_trace+0x26/0x60
[] wbt_init+0x50/0x6f0
[] wbt_enable_default+0x157/0x1c0
[] blk_register_queue+0x2a4/0x420
[] device_add_disk+0x6fd/0xe40
[] nbd_dev_add+0x828/0xbf0 [nbd]
...
It is because the memory allocated in wbt_enable_default() is not released in device_add_disk() error path. Normally, these memory are freed in:
del_gendisk() rq_qos_exit() rqos->ops->exit(rqos); wbt_exit()
So rq_qos_exit() is called to free the rq_wb memory for wbt_init(). However in the error path of device_add_disk(), only blk_unregister_queue() is called and make rq_wb memory leaked.
Add rq_qos_exit() to the error path to fix it.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 03/15/2026
The vulnerability described in CVE-2022-49902 represents a memory leak within the Linux kernel's block layer subsystem that occurs during disk device registration failures. This issue specifically affects the writeback throttling (wbt) mechanism which is designed to control writeback operations and prevent excessive I/O pressure on storage devices. The flaw manifests when the device_add_disk() function encounters an error during the registration process, particularly when the add_disk operation fails after wbt_enable_default() has already allocated memory structures. The memory leak occurs because the normal cleanup path that would normally execute through del_gendisk() and its associated rq_qos_exit() function is bypassed when an error occurs in device_add_disk(), leaving allocated memory from wbt_init() unreleased.
The technical implementation of this vulnerability demonstrates a classic resource management issue where memory allocation occurs in one function but cleanup is not properly handled in error paths. The kernel's kmemleak subsystem identified three new memory leaks in this scenario, with the specific memory block at address 0xffff88800f420800 representing 512 bytes of unreleased memory. The backtrace shows the allocation path starting from kmalloc_trace through wbt_init, wbt_enable_default, blk_register_queue, and device_add_disk, indicating that the memory allocation happens during the normal device registration sequence but fails to be freed during error conditions. This pattern aligns with CWE-401: Improper Release of Memory and follows the ATT&CK technique T1490: Inhibit System Recovery, as memory leaks can contribute to system resource exhaustion over time.
The operational impact of this vulnerability extends beyond simple memory waste, as persistent memory leaks can degrade system performance and potentially lead to resource exhaustion scenarios. When the nbd (network block device) module attempts to add a disk device and encounters a failure, the memory allocated for writeback throttling remains allocated indefinitely, creating a cumulative effect that worsens with repeated failures. The fix implemented addresses this by ensuring that rq_qos_exit() is called during the error path of device_add_disk(), mirroring the cleanup behavior that occurs during normal operation. This remediation follows established kernel development practices for error handling and resource management, ensuring that all allocated resources are properly freed regardless of execution path. The solution directly addresses the root cause by adding the missing cleanup call in the error handling branch, maintaining consistency with the kernel's existing resource management patterns and preventing the accumulation of leaked memory that could eventually impact system stability and performance.