CVE-2022-50346
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/09/2025
Last modified:
17/09/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
ext4: init quota for &#39;old.inode&#39; in &#39;ext4_rename&#39;<br />
<br />
Syzbot found the following issue:<br />
ext4_parse_param: s_want_extra_isize=128<br />
ext4_inode_info_init: s_want_extra_isize=32<br />
ext4_rename: old.inode=ffff88823869a2c8 old.dir=ffff888238699828 new.inode=ffff88823869d7e8 new.dir=ffff888238699828<br />
__ext4_mark_inode_dirty: inode=ffff888238699828 ea_isize=32 want_ea_size=128<br />
__ext4_mark_inode_dirty: inode=ffff88823869a2c8 ea_isize=32 want_ea_size=128<br />
ext4_xattr_block_set: inode=ffff88823869a2c8<br />
------------[ cut here ]------------<br />
WARNING: CPU: 13 PID: 2234 at fs/ext4/xattr.c:2070 ext4_xattr_block_set.cold+0x22/0x980<br />
Modules linked in:<br />
RIP: 0010:ext4_xattr_block_set.cold+0x22/0x980<br />
RSP: 0018:ffff888227d3f3b0 EFLAGS: 00010202<br />
RAX: 0000000000000001 RBX: ffff88823007a000 RCX: 0000000000000000<br />
RDX: 0000000000000a03 RSI: 0000000000000040 RDI: ffff888230078178<br />
RBP: 0000000000000000 R08: 000000000000002c R09: ffffed1075c7df8e<br />
R10: ffff8883ae3efc6b R11: ffffed1075c7df8d R12: 0000000000000000<br />
R13: ffff88823869a2c8 R14: ffff8881012e0460 R15: dffffc0000000000<br />
FS: 00007f350ac1f740(0000) GS:ffff8883ae200000(0000) knlGS:0000000000000000<br />
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br />
CR2: 00007f350a6ed6a0 CR3: 0000000237456000 CR4: 00000000000006e0<br />
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br />
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400<br />
Call Trace:<br />
<br />
? ext4_xattr_set_entry+0x3b7/0x2320<br />
? ext4_xattr_block_set+0x0/0x2020<br />
? ext4_xattr_set_entry+0x0/0x2320<br />
? ext4_xattr_check_entries+0x77/0x310<br />
? ext4_xattr_ibody_set+0x23b/0x340<br />
ext4_xattr_move_to_block+0x594/0x720<br />
ext4_expand_extra_isize_ea+0x59a/0x10f0<br />
__ext4_expand_extra_isize+0x278/0x3f0<br />
__ext4_mark_inode_dirty.cold+0x347/0x410<br />
ext4_rename+0xed3/0x174f<br />
vfs_rename+0x13a7/0x2510<br />
do_renameat2+0x55d/0x920<br />
__x64_sys_rename+0x7d/0xb0<br />
do_syscall_64+0x3b/0xa0<br />
entry_SYSCALL_64_after_hwframe+0x72/0xdc<br />
<br />
As &#39;ext4_rename&#39; will modify &#39;old.inode&#39; ctime and mark inode dirty,<br />
which may trigger expand &#39;extra_isize&#39; and allocate block. If inode<br />
didn&#39;t init quota will lead to warning. To solve above issue, init<br />
&#39;old.inode&#39; firstly in &#39;ext4_rename&#39;.
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/13271fbbe85d73a7c47058f56a52f2a7f00d6e39
- https://git.kernel.org/stable/c/135ba9146f4d38abed48a540ef8a8770ff0bd34f
- https://git.kernel.org/stable/c/33fd7031d634f3b46e59f61adfbb0ea9fe514fef
- https://git.kernel.org/stable/c/67f6d5a4043f3db0c6bb0e14a0d97a7be8bfb8b5
- https://git.kernel.org/stable/c/7dfb8259f66faafa68d23a261b284d2c2c67649b
- https://git.kernel.org/stable/c/84a2f2ed49d6a4d92b354219077434c57d334620
- https://git.kernel.org/stable/c/def7a39091e60e1c4a2f623629082a00092602be
- https://git.kernel.org/stable/c/f263e349bacc2f303526dcfa61c4bc50132418b1
- https://git.kernel.org/stable/c/fae381a3d79bb94aa2eb752170d47458d778b797