CVE-2022-49425
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/02/2025
Last modified:
26/02/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix dereference of stale list iterator after loop body

The list iterator variable will be a bogus pointer if no break was hit.
Dereferencing it (cur->page in this case) could load an out-of-bounds/undefined
value making it unsafe to use that in the comparison to determine if the
specific element was found.

Since 'cur->page' *can* be out-of-bounds it cannot be guaranteed that
by chance (or intention of an attacker) it matches the value of 'page'
even though the correct element was not found.

This is fixed by using a separate list iterator variable for the loop
and only setting the original variable if a suitable element was found.
Then determining if the element was found is simply checking if the
variable is set.
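
The pattern described above, shown as an added example that is not the f2fs code or the upstream patch: a user-space C program with simplified stand-ins for the kernel list helpers, comparing the lookup before and after the fix. The struct entry type, the function names and the sample pages are assumptions made for illustration; only the field name page comes from the description.

```c
#include <stddef.h>
#include <stdio.h>
/* Simplified user-space stand-ins for the kernel's list helpers. */
struct list_head { struct list_head *next, *prev; };
#define container_of(p, type, m) ((type *)((char *)(p) - offsetof(type, m)))
#define list_for_each_entry(pos, head, m)                        \
    for (pos = container_of((head)->next, __typeof__(*pos), m);  \
         &pos->m != (head);                                      \
         pos = container_of(pos->m.next, __typeof__(*pos), m))

/* Hypothetical type; only the field name `page` comes from the advisory. */
struct entry { struct list_head list; void *page; };

/* Before: cur is dereferenced after the loop even if no break was hit. */
int found_buggy(struct list_head *head, void *page)
{
    struct entry *cur;
    list_for_each_entry(cur, head, list)
        if (cur->page == page)
            break;
    return cur->page == page; /* cur may be container_of(head), not an entry */
}

/* After: separate iterator; cur is set only when an element matched. */
int found_fixed(struct list_head *head, void *page)
{
    struct entry *cur = NULL, *iter;
    list_for_each_entry(iter, head, list)
        if (iter->page == page) {
            cur = iter;
            break;
        }
    return cur != NULL;
}

/* Constructed scenario: the head sits inside a spare struct entry so the stale
 * read is well defined; stale.page models memory adjacent to a real list head. */
int demo(int fixed, int listed)
{
    static char page_a, page_b;            /* page_b is never on the list */
    struct entry stale = { .page = &page_b }, e = { .page = &page_a };
    struct list_head *head = &stale.list;
    head->next = head->prev = &e.list;
    e.list.next = e.list.prev = head;
    void *want = listed ? &page_a : &page_b;
    return fixed ? found_fixed(head, want) : found_buggy(head, want);
}

int main(void) { printf("buggy=%d fixed=%d\n", demo(0, 0), demo(1, 0)); return 0; }
```

The old lookup reports a match for a page that was never on the list because the bytes next to the list head happen to hold the same value, while the fixed lookup reports no match.
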
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/2aaf51dd39afb6d01d13f1e6fe20b684733b37d5
- https://git.kernel.org/stable/c/385edd3ce5b4b1e9d31f474a5e35a39779ec1110
- https://git.kernel.org/stable/c/45b2b7d7108ae1e25a5036cab04ab9273e792332
- https://git.kernel.org/stable/c/51d584704d18e60fa473823654f35611c777b291
- https://git.kernel.org/stable/c/5e47a7add3dda7f236548c5ec3017776dc2a729f
- https://git.kernel.org/stable/c/b26e1c777890e4b938136deb8ec07a29f33862e4
- https://git.kernel.org/stable/c/ed7efc472c00986dcd6903ab6ed165c7fa167674