Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2022-50082

Severity CVSS v4.0:
Pending analysis
Type:
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date:
18/06/2025
Last modified:
18/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ext4: fix warning in ext4_iomap_begin as race between bmap and write<br /> <br /> We got issue as follows:<br /> ------------[ cut here ]------------<br /> WARNING: CPU: 3 PID: 9310 at fs/ext4/inode.c:3441 ext4_iomap_begin+0x182/0x5d0<br /> RIP: 0010:ext4_iomap_begin+0x182/0x5d0<br /> RSP: 0018:ffff88812460fa08 EFLAGS: 00010293<br /> RAX: ffff88811f168000 RBX: 0000000000000000 RCX: ffffffff97793c12<br /> RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003<br /> RBP: ffff88812c669160 R08: ffff88811f168000 R09: ffffed10258cd20f<br /> R10: ffff88812c669077 R11: ffffed10258cd20e R12: 0000000000000001<br /> R13: 00000000000000a4 R14: 000000000000000c R15: ffff88812c6691ee<br /> FS: 00007fd0d6ff3740(0000) GS:ffff8883af180000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 00007fd0d6dda290 CR3: 0000000104a62000 CR4: 00000000000006e0<br /> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br /> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400<br /> Call Trace:<br /> iomap_apply+0x119/0x570<br /> iomap_bmap+0x124/0x150<br /> ext4_bmap+0x14f/0x250<br /> bmap+0x55/0x80<br /> do_vfs_ioctl+0x952/0xbd0<br /> __x64_sys_ioctl+0xc6/0x170<br /> do_syscall_64+0x33/0x40<br /> entry_SYSCALL_64_after_hwframe+0x44/0xa9<br /> <br /> Above issue may happen as follows:<br /> bmap write<br /> bmap<br /> ext4_bmap<br /> iomap_bmap<br /> ext4_iomap_begin<br /> ext4_file_write_iter<br /> ext4_buffered_write_iter<br /> generic_perform_write<br /> ext4_da_write_begin<br /> ext4_da_write_inline_data_begin<br /> ext4_prepare_inline_data<br /> ext4_create_inline_data<br /> ext4_set_inode_flag(inode,<br /> EXT4_INODE_INLINE_DATA);<br /> if (WARN_ON_ONCE(ext4_has_inline_data(inode))) -&gt;trigger bug_on<br /> <br /> To solved above issue hold inode lock in ext4_bamp.

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 7.00 HIGH
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x
7.00
Severity 3.x
HIGH

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.10.137 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.61 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 5.18.18 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.19 (including) 5.19.2 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools