CVE-2022-50344
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/09/2025
Last modified:
17/09/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

ext4: fix null-ptr-deref in ext4_write_info

I caught a null-ptr-deref bug as follows:
==================================================================
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
CPU: 1 PID: 1589 Comm: umount Not tainted 5.10.0-02219-dirty #339
RIP: 0010:ext4_write_info+0x53/0x1b0
[...]
Call Trace:
dquot_writeback_dquots+0x341/0x9a0
ext4_sync_fs+0x19e/0x800
__sync_filesystem+0x83/0x100
sync_filesystem+0x89/0xf0
generic_shutdown_super+0x79/0x3e0
kill_block_super+0xa1/0x110
deactivate_locked_super+0xac/0x130
deactivate_super+0xb6/0xd0
cleanup_mnt+0x289/0x400
__cleanup_mnt+0x16/0x20
task_work_run+0x11c/0x1c0
exit_to_user_mode_prepare+0x203/0x210
syscall_exit_to_user_mode+0x5b/0x3a0
do_syscall_64+0x59/0x70
entry_SYSCALL_64_after_hwframe+0x44/0xa9
==================================================================

Above issue may happen as follows:
-------------------------------------
exit_to_user_mode_prepare
task_work_run
__cleanup_mnt
cleanup_mnt
deactivate_super
deactivate_locked_super
kill_block_super
generic_shutdown_super
shrink_dcache_for_umount
dentry = sb->s_root
sb->s_root = NULL
s_op->sync_fs > ext4_sync_fs
dquot_writeback_dquots
sb->dq_op->write_info > ext4_write_info
ext4_journal_start(d_inode(sb->s_root), EXT4_HT_QUOTA, 2)
d_inode(sb->s_root)
s_root->d_inode
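
The teardown order traced above, as an added userspace C model that is not part of the advisory or of the kernel commit: it shows why a write_info callback that reaches the journal through sb->s_root breaks once s_root has been cleared, next to a variant that does not depend on s_root. The struct layouts and the names journal_start_sb, journal_start_inode, write_info_via_root, write_info_via_sb and model_umount are assumptions made for illustration; the superblock-based variant is one way to remove the dependency and is not taken from the page.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace stand-ins for the kernel objects in the trace (constructed, not kernel code). */
struct super_block;
struct inode  { struct super_block *i_sb; };
struct dentry { struct inode *d_inode; };
struct super_block { struct dentry *s_root; int handles_started; };

/* Hypothetical journal start that takes the superblock directly (assumption of this model). */
static int journal_start_sb(struct super_block *sb)
{
    sb->handles_started++;
    return 0;
}

/* Models a journal start that takes an inode only to reach inode->i_sb. */
static int journal_start_inode(struct inode *inode) { return journal_start_sb(inode->i_sb); }

/* Pattern from the trace: write_info reaches the inode through sb->s_root. */
int write_info_via_root(struct super_block *sb)
{
    /* The kernel path in the trace has no such test and faults on s_root->d_inode;
     * the model returns -1 at that point so the outcome can be observed. */
    if (sb->s_root == NULL)
        return -1;
    return journal_start_inode(sb->s_root->d_inode);
}

/* Variant with no dependency on s_root, so the teardown order does not matter. */
int write_info_via_sb(struct super_block *sb) { return journal_start_sb(sb); }

/* Models the umount order above: s_root is cleared, then sync_fs reaches write_info. */
int model_umount(int (*write_info)(struct super_block *))
{
    struct super_block sb = { NULL, 0 };
    struct inode root_inode = { &sb };
    struct dentry root = { &root_inode };
    sb.s_root = &root;      /* mounted state */
    sb.s_root = NULL;       /* shrink_dcache_for_umount: sb->s_root = NULL */
    return write_info(&sb); /* sync_fs -> dquot_writeback_dquots -> write_info */
}

int main(void)
{
    printf("via s_root: %d, via sb: %d\n",
           model_umount(write_info_via_root), model_umount(write_info_via_sb));
    return 0;
}
```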
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/3638aa1c7d87c0ca0aef23cf58cae2c48e7daca4
- https://git.kernel.org/stable/c/4a657319cfabd6199fd0b7b65bbebf6ded7a11c1
- https://git.kernel.org/stable/c/533c60a0b97cee5daab376933f486207e6680fb7
- https://git.kernel.org/stable/c/947264e00c46de19a016fd81218118c708fed2f3
- https://git.kernel.org/stable/c/bb420e8afc854d2a1caaa23a0c129839acfb7888
- https://git.kernel.org/stable/c/dc451578446afd03c0c21913993c08898a691435
- https://git.kernel.org/stable/c/f34ab95162763cd7352f46df169296eec28b688d
- https://git.kernel.org/stable/c/f4b5ff0b794aa94afac7269c494550ca2f66511b
- https://git.kernel.org/stable/c/f9c1f248607d5546075d3f731e7607d5571f2b60