Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2022-48877

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/08/2024
Last modified:
05/09/2024

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> f2fs: let&amp;#39;s avoid panic if extent_tree is not created<br /> <br /> This patch avoids the below panic.<br /> <br /> pc : __lookup_extent_tree+0xd8/0x760<br /> lr : f2fs_do_write_data_page+0x104/0x87c<br /> sp : ffffffc010cbb3c0<br /> x29: ffffffc010cbb3e0 x28: 0000000000000000<br /> x27: ffffff8803e7f020 x26: ffffff8803e7ed40<br /> x25: ffffff8803e7f020 x24: ffffffc010cbb460<br /> x23: ffffffc010cbb480 x22: 0000000000000000<br /> x21: 0000000000000000 x20: ffffffff22e90900<br /> x19: 0000000000000000 x18: ffffffc010c5d080<br /> x17: 0000000000000000 x16: 0000000000000020<br /> x15: ffffffdb1acdbb88 x14: ffffff888759e2b0<br /> x13: 0000000000000000 x12: ffffff802da49000<br /> x11: 000000000a001200 x10: ffffff8803e7ed40<br /> x9 : ffffff8023195800 x8 : ffffff802da49078<br /> x7 : 0000000000000001 x6 : 0000000000000000<br /> x5 : 0000000000000006 x4 : ffffffc010cbba28<br /> x3 : 0000000000000000 x2 : ffffffc010cbb480<br /> x1 : 0000000000000000 x0 : ffffff8803e7ed40<br /> Call trace:<br /> __lookup_extent_tree+0xd8/0x760<br /> f2fs_do_write_data_page+0x104/0x87c<br /> f2fs_write_single_data_page+0x420/0xb60<br /> f2fs_write_cache_pages+0x418/0xb1c<br /> __f2fs_write_data_pages+0x428/0x58c<br /> f2fs_write_data_pages+0x30/0x40<br /> do_writepages+0x88/0x190<br /> __writeback_single_inode+0x48/0x448<br /> writeback_sb_inodes+0x468/0x9e8<br /> __writeback_inodes_wb+0xb8/0x2a4<br /> wb_writeback+0x33c/0x740<br /> wb_do_writeback+0x2b4/0x400<br /> wb_workfn+0xe4/0x34c<br /> process_one_work+0x24c/0x5bc<br /> worker_thread+0x3e8/0xa50<br /> kthread+0x150/0x1b4

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.14.304 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.15 (including) 4.19.271 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.20 (including) 5.4.230 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5 (including) 5.10.165 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.90 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.8 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools