CVE-2022-49348

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/02/2025
Last modified:
26/02/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state

The EXT4_FC_REPLAY bit in sbi->s_mount_state is used to indicate that we are in the middle of replaying the fast commit journal. This was actually a mistake, since the sbi->s_mount_info is initialized from es->s_state. Arguably s_mount_state is misleadingly named, but the name is historical --- s_mount_state and s_state date back to ext2.

What should have been used is the ext4_{set,clear,test}_mount_flag() inline functions, which set EXT4_MF_* bits in sbi->s_mount_flags.

The problem with using EXT4_FC_REPLAY is that a maliciously corrupted superblock could result in EXT4_FC_REPLAY getting set in s_mount_state. This bypasses some sanity checks, and this can trigger a BUG() in ext4_es_cache_extent(). As an easy-to-backport fix, filter out the EXT4_FC_REPLAY bit for now. We should eventually transition away from EXT4_FC_REPLAY to something like EXT4_MF_REPLAY.
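The core of the bug is a trust-boundary mistake: an in-memory-only flag (EXT4_FC_REPLAY) shares the bit namespace of a field that is copied straight from the on-disk superblock, so a crafted image can pre-set it. The following user-space model, added here as an illustration and not code from the kernel or from the fix, contrasts a loader that copies s_state verbatim with one that masks the replay bit the way the commit does, and adds a stricter whitelist variant that keeps only the three documented on-disk state bits. The flag values, the superblock magic and the offsets of s_magic (0x38) and s_state (0x3A) follow the ext4 on-disk format as this example understands it and should be treated as its assumptions; sanity_check_skipped() is a stand-in for the kind of check the commit message says is bypassed, not a copy of ext4_es_cache_extent().

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed ext4 on-disk constants (per fs/ext4/ext4.h as understood here). */
#define EXT4_SUPER_MAGIC   0xEF53
#define EXT4_SB_SIZE       1024
#define EXT4_SB_MAGIC_OFF  0x38   /* __le16 s_magic */
#define EXT4_SB_STATE_OFF  0x3A   /* __le16 s_state */

#define EXT4_VALID_FS   0x0001    /* cleanly unmounted */
#define EXT4_ERROR_FS   0x0002    /* errors detected */
#define EXT4_ORPHAN_FS  0x0004    /* orphans being recovered */
#define EXT4_FC_REPLAY  0x0020    /* fast-commit replay ongoing: in-memory only */

/* Bits that legitimately originate on disk (assumed list). */
#define EXT4_ONDISK_STATE_MASK (EXT4_VALID_FS | EXT4_ERROR_FS | EXT4_ORPHAN_FS)

struct sb_info {
    unsigned int s_mount_state;   /* in-memory copy of s_state */
};

static uint16_t le16_at(const uint8_t *buf, size_t off)
{
    return (uint16_t)(buf[off] | (buf[off + 1] << 8));
}

static void put_le16(uint8_t *buf, size_t off, uint16_t v)
{
    buf[off] = (uint8_t)(v & 0xff);
    buf[off + 1] = (uint8_t)(v >> 8);
}

/* Constructed sample: a 1 KiB superblock image with only magic and state set. */
static void make_superblock(uint8_t sb[EXT4_SB_SIZE], uint16_t state)
{
    memset(sb, 0, EXT4_SB_SIZE);
    put_le16(sb, EXT4_SB_MAGIC_OFF, EXT4_SUPER_MAGIC);
    put_le16(sb, EXT4_SB_STATE_OFF, state);
}

/* Before the fix: s_mount_state is a verbatim copy of the untrusted s_state. */
static int fill_super_before(struct sb_info *sbi, const uint8_t sb[EXT4_SB_SIZE])
{
    if (le16_at(sb, EXT4_SB_MAGIC_OFF) != EXT4_SUPER_MAGIC)
        return -1;
    sbi->s_mount_state = le16_at(sb, EXT4_SB_STATE_OFF);
    return 0;
}

/* After the fix: the replay bit can never arrive from disk. */
static int fill_super_after(struct sb_info *sbi, const uint8_t sb[EXT4_SB_SIZE])
{
    if (le16_at(sb, EXT4_SB_MAGIC_OFF) != EXT4_SUPER_MAGIC)
        return -1;
    sbi->s_mount_state = le16_at(sb, EXT4_SB_STATE_OFF) & ~EXT4_FC_REPLAY;
    return 0;
}

/* Stricter variant (not what the commit does): keep only known on-disk bits,
 * so any future in-memory flag added to this namespace is filtered too. */
static int fill_super_whitelist(struct sb_info *sbi, const uint8_t sb[EXT4_SB_SIZE])
{
    if (le16_at(sb, EXT4_SB_MAGIC_OFF) != EXT4_SUPER_MAGIC)
        return -1;
    sbi->s_mount_state = le16_at(sb, EXT4_SB_STATE_OFF) & EXT4_ONDISK_STATE_MASK;
    return 0;
}

/* Stand-in for a sanity check that is relaxed while replay is in progress. */
static bool sanity_check_skipped(const struct sb_info *sbi)
{
    return (sbi->s_mount_state & EXT4_FC_REPLAY) != 0;
}

/* Scenario: a crafted image with the replay bit set, run through each loader. */
typedef int (*loader_fn)(struct sb_info *, const uint8_t *);

static unsigned int mount_state_via(loader_fn load, uint16_t ondisk_state)
{
    uint8_t sb[EXT4_SB_SIZE];
    struct sb_info sbi = { 0 };
    make_superblock(sb, ondisk_state);
    if (load(&sbi, sb) != 0)
        return 0xffffffffu;            /* bad magic */
    return sbi.s_mount_state;
}

static bool replay_leaks_via(loader_fn load)
{
    struct sb_info sbi = { .s_mount_state = mount_state_via(load, EXT4_VALID_FS | EXT4_FC_REPLAY) };
    return sanity_check_skipped(&sbi);
}

int main(void)
{
    printf("verbatim copy leaks replay bit: %s\n", replay_leaks_via(fill_super_before) ? "yes" : "no");
    printf("masked copy leaks replay bit:   %s\n", replay_leaks_via(fill_super_after) ? "yes" : "no");
    printf("whitelist copy leaks replay bit: %s\n", replay_leaks_via(fill_super_whitelist) ? "yes" : "no");
    return 0;
}
```

The masked loader is the behaviour the commit backports; the whitelist loader shows the general rule for any field that mixes persisted and runtime bits: decide which bits are allowed to come from untrusted storage and keep only those, rather than enumerating the ones to strip.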

Impact