CVE-2022-49348

Severity: Medium (CVSS 3.1 base score 5.5)
EPSS: 17.5%
Published: Feb 26, 2025
Last Modified: Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state

The EXT4_FC_REPLAY bit in sbi->s_mount_state is used to indicate that we are in the middle of replaying the fast commit journal. This was actually a mistake, since the sbi->s_mount_info is initialized from es->s_state. Arguably s_mount_state is misleadingly named, but the name is historical --- s_mount_state and s_state date back to ext2.

What should have been used is the ext4_{set,clear,test}_mount_flag() inline functions, which set EXT4_MF_* bits in sbi->s_mount_flags.

The problem with using EXT4_FC_REPLAY is that a maliciously corrupted superblock could result in EXT4_FC_REPLAY getting set in s_mount_state. This bypasses some sanity checks, and this can trigger a BUG() in ext4_es_cache_extent(). As an easy-to-backport fix, filter out the EXT4_FC_REPLAY bit for now. We should eventually transition away from EXT4_FC_REPLAY to something like EXT4_MF_REPLAY.
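A pre-mount check for the condition described above, as an added example (userspace code written for this page, not kernel code and not part of the patch): it reads s_state from the primary superblock of an image buffer, flags EXT4_FC_REPLAY found on disk, and shows the masking the description calls for. The helper names and the zero-filled sample buffer are constructed for illustration; the offsets and bit values follow the ext4 on-disk layout and fs/ext4/ext4.h.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ext4 on-disk layout: primary superblock at byte 1024; s_magic at +0x38
 * and s_state at +0x3A, both little-endian 16-bit. */
#define SB_OFFSET      1024
#define SB_MAGIC_OFF   0x38
#define SB_STATE_OFF   0x3A
#define EXT4_MAGIC     0xEF53
#define EXT4_VALID_FS  0x0001  /* s_state bits, values as in fs/ext4/ext4.h */
#define EXT4_FC_REPLAY 0x0020  /* runtime replay marker; not expected on disk */

enum sb_verdict { SB_OK, SB_FC_REPLAY_ON_DISK, SB_NOT_EXT4, SB_TOO_SHORT };
static uint16_t le16_at(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Hypothetical helper: inspect an untrusted image before handing it to mount. */
enum sb_verdict check_image_state(const uint8_t *img, size_t len, uint16_t *state)
{
    if (len < SB_OFFSET + SB_STATE_OFF + 2) return SB_TOO_SHORT;
    if (le16_at(img + SB_OFFSET + SB_MAGIC_OFF) != EXT4_MAGIC) return SB_NOT_EXT4;
    *state = le16_at(img + SB_OFFSET + SB_STATE_OFF);
    return (*state & EXT4_FC_REPLAY) ? SB_FC_REPLAY_ON_DISK : SB_OK;
}

/* The filtering the description calls for: drop the bit from the on-disk value. */
uint16_t filter_on_disk_state(uint16_t s) { return (uint16_t)(s & ~EXT4_FC_REPLAY); }

/* Constructed sample: zero-filled buffer carrying only the magic and s_state. */
void make_sample(uint8_t *buf, size_t len, uint16_t state)
{
    memset(buf, 0, len);
    buf[SB_OFFSET + SB_MAGIC_OFF] = 0x53;
    buf[SB_OFFSET + SB_MAGIC_OFF + 1] = 0xEF;
    buf[SB_OFFSET + SB_STATE_OFF] = (uint8_t)(state & 0xFF);
    buf[SB_OFFSET + SB_STATE_OFF + 1] = (uint8_t)(state >> 8);
}

int main(void)
{
    uint8_t img[2048];
    uint16_t st = 0;
    make_sample(img, sizeof img, EXT4_VALID_FS | EXT4_FC_REPLAY);
    enum sb_verdict v = check_image_state(img, sizeof img, &st);
    printf("verdict=%d raw=0x%04x filtered=0x%04x\n", (int)v, st, filter_on_disk_state(st));
    return 0;
}
```

A check like this is of use where untrusted filesystem images can reach a kernel in one of the affected version ranges; it does not replace applying the patch.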

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
17.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 4

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥5.10 – <5.10.121
linux   linux_kernel  *        ≥5.11 – <5.15.46
linux   linux_kernel  *        ≥5.16 – <5.17.14
linux   linux_kernel  *        ≥5.18 – <5.18.3

References 5

  • git.kernel.org https://git.kernel.org/stable/c/55b4dbb29054a05d839562f6d635ce05669b016d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/af2f1932743fb52ebcb008ad7ac500d9df0aa796
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b99fd73418350dea360da8311e87a6a7b0e15a4c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c878bea3c9d724ddfa05a813f30de3d25a0ba83f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cc5b09cb6dacd4b32640537929ab4ee8fb2b9e04
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/55b4dbb29054a05d839562f6d635ce05669b016d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/af2f1932743fb52ebcb008ad7ac500d9df0aa796
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b99fd73418350dea360da8311e87a6a7b0e15a4c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c878bea3c9d724ddfa05a813f30de3d25a0ba83f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cc5b09cb6dacd4b32640537929ab4ee8fb2b9e04
    Patch