Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2022-50009

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
18/06/2025
Last modified:
14/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> f2fs: fix null-ptr-deref in f2fs_get_dnode_of_data<br /> <br /> There is issue as follows when test f2fs atomic write:<br /> F2FS-fs (loop0): Can&amp;#39;t find valid F2FS filesystem in 2th superblock<br /> F2FS-fs (loop0): invalid crc_offset: 0<br /> F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.<br /> F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.<br /> ==================================================================<br /> BUG: KASAN: null-ptr-deref in f2fs_get_dnode_of_data+0xac/0x16d0<br /> Read of size 8 at addr 0000000000000028 by task rep/1990<br /> <br /> CPU: 4 PID: 1990 Comm: rep Not tainted 5.19.0-rc6-next-20220715 #266<br /> Call Trace:<br /> <br /> dump_stack_lvl+0x6e/0x91<br /> print_report.cold+0x49a/0x6bb<br /> kasan_report+0xa8/0x130<br /> f2fs_get_dnode_of_data+0xac/0x16d0<br /> f2fs_do_write_data_page+0x2a5/0x1030<br /> move_data_page+0x3c5/0xdf0<br /> do_garbage_collect+0x2015/0x36c0<br /> f2fs_gc+0x554/0x1d30<br /> f2fs_balance_fs+0x7f5/0xda0<br /> f2fs_write_single_data_page+0xb66/0xdc0<br /> f2fs_write_cache_pages+0x716/0x1420<br /> f2fs_write_data_pages+0x84f/0x9a0<br /> do_writepages+0x130/0x3a0<br /> filemap_fdatawrite_wbc+0x87/0xa0<br /> file_write_and_wait_range+0x157/0x1c0<br /> f2fs_do_sync_file+0x206/0x12d0<br /> f2fs_sync_file+0x99/0xc0<br /> vfs_fsync_range+0x75/0x140<br /> f2fs_file_write_iter+0xd7b/0x1850<br /> vfs_write+0x645/0x780<br /> ksys_write+0xf1/0x1e0<br /> do_syscall_64+0x3b/0x90<br /> entry_SYSCALL_64_after_hwframe+0x63/0xcd<br /> <br /> As 3db1de0e582c commit changed atomic write way which new a cow_inode for<br /> atomic write file, and also mark cow_inode as FI_ATOMIC_FILE.<br /> When f2fs_do_write_data_page write cow_inode will use cow_inode&amp;#39;s cow_inode<br /> which is NULL. Then will trigger null-ptr-deref.<br /> To solve above issue, introduce FI_COW_FILE flag for COW inode.<br /> <br /> Fiexes: 3db1de0e582c("f2fs: change the current atomic write way")

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 3.8 (including) 5.18.18 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.19 (including) 5.19.4 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools