CVE-2022-49708
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/02/2025
Last modified:
24/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
ext4: fix bug_on ext4_mb_use_inode_pa<br />
<br />
Hulk Robot reported a BUG_ON:<br />
==================================================================<br />
kernel BUG at fs/ext4/mballoc.c:3211!<br />
[...]<br />
RIP: 0010:ext4_mb_mark_diskspace_used.cold+0x85/0x136f<br />
[...]<br />
Call Trace:<br />
ext4_mb_new_blocks+0x9df/0x5d30<br />
ext4_ext_map_blocks+0x1803/0x4d80<br />
ext4_map_blocks+0x3a4/0x1a10<br />
ext4_writepages+0x126d/0x2c30<br />
do_writepages+0x7f/0x1b0<br />
__filemap_fdatawrite_range+0x285/0x3b0<br />
file_write_and_wait_range+0xb1/0x140<br />
ext4_sync_file+0x1aa/0xca0<br />
vfs_fsync_range+0xfb/0x260<br />
do_fsync+0x48/0xa0<br />
[...]<br />
==================================================================<br />
<br />
Above issue may happen as follows:<br />
-------------------------------------<br />
do_fsync<br />
vfs_fsync_range<br />
ext4_sync_file<br />
file_write_and_wait_range<br />
__filemap_fdatawrite_range<br />
do_writepages<br />
ext4_writepages<br />
mpage_map_and_submit_extent<br />
mpage_map_one_extent<br />
ext4_map_blocks<br />
ext4_mb_new_blocks<br />
ext4_mb_normalize_request<br />
>>> start + size ac_o_ex.fe_logical<br />
ext4_mb_regular_allocator<br />
ext4_mb_simple_scan_group<br />
ext4_mb_use_best_found<br />
ext4_mb_new_preallocation<br />
ext4_mb_new_inode_pa<br />
ext4_mb_use_inode_pa<br />
>>> set ac->ac_b_ex.fe_len >> BUG_ON(ac->ac_b_ex.fe_len
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.2.89 (including) | 3.3 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.10.107 (including) | 3.11 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.12.72 (including) | 3.13 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.16.44 (including) | 3.17 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.1.40 (including) | 4.2 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.4.53 (including) | 4.5 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.9.14 (including) | 4.9.320 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.10.2 (including) | 4.14.285 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.15 (including) | 4.19.249 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.200 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.124 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.49 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 5.18.6 (excluding) |
| cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/5707d721d1819db57dba57b1d4623034fcb32047
- https://git.kernel.org/stable/c/6880fb2e64331b9fdc85d3f32b1d7e81ad8703f1
- https://git.kernel.org/stable/c/6fdaf31ad5f3d3afab744dfd9a8b0d9142aa881f
- https://git.kernel.org/stable/c/887a3e9ad4b8309a2266bce7ae749b2bf1f7a687
- https://git.kernel.org/stable/c/90f0f9d45dff0128c0fca0d2358c4153b024afa6
- https://git.kernel.org/stable/c/a08f789d2ab5242c07e716baf9a835725046be89
- https://git.kernel.org/stable/c/a37c1359714da42517dd19d36fc3c4d17edba832
- https://git.kernel.org/stable/c/a6b31616e5afe1d3972cb0682a373e50597faf5c