CVE-2022-49550: 
Linux Debian vulnerability analysis and mitigation

The vulnerability (CVE-2022-49550) affects the Linux kernel's NTFS3 filesystem implementation. The issue stems from the filesystem lacking the 'invalidate_folio' method, which results in a memory leak. This vulnerability was discovered when writing to the filesystem and then unmounting it, where the cached written data would not be freed and would become permanently leaked (Kernel Git).

The technical root cause of the vulnerability lies in the missing implementation of the 'invalidatefolio' method in the NTFS3 filesystem's address space operations. This issue was introduced after the change that turned 'blockinvalidatepage' into 'blockinvalidatefolio'. The fix involves adding 'blockinvalidatefolio' to the ntfs_aops structure in the filesystem's inode operations (Kernel Git).

When exploited, this vulnerability causes cached written data to remain in memory after unmounting the filesystem, leading to permanent memory leaks. This could potentially result in system memory degradation over time, especially in systems that frequently mount and unmount NTFS3 filesystems (Kernel Git).

The issue has been fixed by adding the blockinvalidatefolio method to the filesystem's address space operations. Users should update their Linux kernel to a version that includes the fix. The patch has been merged into the kernel codebase (Kernel Git).