CVE-2022-49361 (GCVE-0-2022-49361)
Vulnerability from cvelistv5 – Published: 2025-02-26 02:11 – Updated: 2025-07-11 17:19
VLAI?
Summary
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to do sanity check for inline inode
Yanming reported a kernel bug in Bugzilla kernel [1], which can be
reproduced. The bug message is:
The kernel message is shown below:
kernel BUG at fs/inode.c:611!
Call Trace:
evict+0x282/0x4e0
__dentry_kill+0x2b2/0x4d0
dput+0x2dd/0x720
do_renameat2+0x596/0x970
__x64_sys_rename+0x78/0x90
do_syscall_64+0x3b/0x90
[1] https://bugzilla.kernel.org/show_bug.cgi?id=215895
The bug is due to fuzzed inode has both inline_data and encrypted flags.
During f2fs_evict_inode(), as the inode was deleted by rename(), it
will cause inline data conversion due to conflicting flags. The page
cache will be polluted and the panic will be triggered in clear_inode().
Try fixing the bug by doing more sanity checks for inline data inode in
sanity_check_inode().
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < efdefbe8b7564602ab446474788225a1f2a323b5
(git)
Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < 7cfe2d43becaf76e562b9617d2c2d9b445f86761 (git) Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < 11c1cd032df85df3c096a57a7f27d57819956e4a (git) Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < 198fd9faa271dd54dca6fc8eb6873f42dfd3b4d8 (git) Affected: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 , < 677a82b44ebf263d4f9a0cfbd576a6ade797a07b (git) |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/f2fs/f2fs.h",
"fs/f2fs/inline.c",
"fs/f2fs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "efdefbe8b7564602ab446474788225a1f2a323b5",
"status": "affected",
"version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
"versionType": "git"
},
{
"lessThan": "7cfe2d43becaf76e562b9617d2c2d9b445f86761",
"status": "affected",
"version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
"versionType": "git"
},
{
"lessThan": "11c1cd032df85df3c096a57a7f27d57819956e4a",
"status": "affected",
"version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
"versionType": "git"
},
{
"lessThan": "198fd9faa271dd54dca6fc8eb6873f42dfd3b4d8",
"status": "affected",
"version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
"versionType": "git"
},
{
"lessThan": "677a82b44ebf263d4f9a0cfbd576a6ade797a07b",
"status": "affected",
"version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/f2fs/f2fs.h",
"fs/f2fs/inline.c",
"fs/f2fs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.8"
},
{
"lessThan": "3.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check for inline inode\n\nYanming reported a kernel bug in Bugzilla kernel [1], which can be\nreproduced. The bug message is:\n\nThe kernel message is shown below:\n\nkernel BUG at fs/inode.c:611!\nCall Trace:\n evict+0x282/0x4e0\n __dentry_kill+0x2b2/0x4d0\n dput+0x2dd/0x720\n do_renameat2+0x596/0x970\n __x64_sys_rename+0x78/0x90\n do_syscall_64+0x3b/0x90\n\n[1] https://bugzilla.kernel.org/show_bug.cgi?id=215895\n\nThe bug is due to fuzzed inode has both inline_data and encrypted flags.\nDuring f2fs_evict_inode(), as the inode was deleted by rename(), it\nwill cause inline data conversion due to conflicting flags. The page\ncache will be polluted and the panic will be triggered in clear_inode().\n\nTry fixing the bug by doing more sanity checks for inline data inode in\nsanity_check_inode()."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:19:16.905Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/efdefbe8b7564602ab446474788225a1f2a323b5"
},
{
"url": "https://git.kernel.org/stable/c/7cfe2d43becaf76e562b9617d2c2d9b445f86761"
},
{
"url": "https://git.kernel.org/stable/c/11c1cd032df85df3c096a57a7f27d57819956e4a"
},
{
"url": "https://git.kernel.org/stable/c/198fd9faa271dd54dca6fc8eb6873f42dfd3b4d8"
},
{
"url": "https://git.kernel.org/stable/c/677a82b44ebf263d4f9a0cfbd576a6ade797a07b"
}
],
"title": "f2fs: fix to do sanity check for inline inode",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49361",
"datePublished": "2025-02-26T02:11:08.881Z",
"dateReserved": "2025-02-26T02:08:31.547Z",
"dateUpdated": "2025-07-11T17:19:16.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-49361\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-02-26T07:01:12.770\",\"lastModified\":\"2025-10-21T12:16:53.300\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nf2fs: fix to do sanity check for inline inode\\n\\nYanming reported a kernel bug in Bugzilla kernel [1], which can be\\nreproduced. The bug message is:\\n\\nThe kernel message is shown below:\\n\\nkernel BUG at fs/inode.c:611!\\nCall Trace:\\n evict+0x282/0x4e0\\n __dentry_kill+0x2b2/0x4d0\\n dput+0x2dd/0x720\\n do_renameat2+0x596/0x970\\n __x64_sys_rename+0x78/0x90\\n do_syscall_64+0x3b/0x90\\n\\n[1] https://bugzilla.kernel.org/show_bug.cgi?id=215895\\n\\nThe bug is due to fuzzed inode has both inline_data and encrypted flags.\\nDuring f2fs_evict_inode(), as the inode was deleted by rename(), it\\nwill cause inline data conversion due to conflicting flags. The page\\ncache will be polluted and the panic will be triggered in clear_inode().\\n\\nTry fixing the bug by doing more sanity checks for inline data inode in\\nsanity_check_inode().\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: correcci\u00f3n para realizar una comprobaci\u00f3n de cordura para el inodo en l\u00ednea Yanming inform\u00f3 de un error del kernel en el kernel de Bugzilla [1], que se puede reproducir. El mensaje del error es: El mensaje del kernel se muestra a continuaci\u00f3n: kernel BUG at fs/inode.c:611! Call Trace: evict+0x282/0x4e0 __dentry_kill+0x2b2/0x4d0 dput+0x2dd/0x720 do_renameat2+0x596/0x970 __x64_sys_rename+0x78/0x90 do_syscall_64+0x3b/0x90 [1] https://bugzilla.kernel.org/show_bug.cgi?id=215895 El error se debe a que el inodo fuzzed tiene indicadores inline_data y cifrados. Durante f2fs_evict_inode(), como el inodo fue eliminado por rename(), esto provocar\u00e1 una conversi\u00f3n de datos en l\u00ednea debido a indicadores conflictivos. La cach\u00e9 de la p\u00e1gina se contaminar\u00e1 y se activar\u00e1 el p\u00e1nico en clear_inode(). Intente corregir el error realizando m\u00e1s comprobaciones de integridad para el inodo de datos en l\u00ednea en sanity_check_inode().\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.8\",\"versionEndExcluding\":\"5.10.121\",\"matchCriteriaId\":\"DD91DA8C-87FE-47CE-A7BA-0480866181FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.46\",\"matchCriteriaId\":\"20D41697-0E8B-4B7D-8842-F17BF2AA21E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"5.17.14\",\"matchCriteriaId\":\"15E2DD33-2255-4B76-9C15-04FF8CBAB252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.18\",\"versionEndExcluding\":\"5.18.3\",\"matchCriteriaId\":\"8E122216-2E9E-4B3E-B7B8-D575A45BA3C2\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/11c1cd032df85df3c096a57a7f27d57819956e4a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/198fd9faa271dd54dca6fc8eb6873f42dfd3b4d8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/677a82b44ebf263d4f9a0cfbd576a6ade797a07b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7cfe2d43becaf76e562b9617d2c2d9b445f86761\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/efdefbe8b7564602ab446474788225a1f2a323b5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…