CVE-2022-49428

MEDIUM EPSS 14.9%
Published Feb 26, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Feb 26, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on inline_dots inode As Wenqing reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215765 It will cause a kernel panic with steps: - mkdir mnt - mount tmp40.img mnt - ls mnt folio_mark_dirty+0x33/0x50 f2fs_add_regular_entry+0x541/0xad0 [f2fs] f2fs_add_dentry+0x6c/0xb0 [f2fs] f2fs_do_add_link+0x182/0x230 [f2fs] __recover_dot_dentries+0x2d6/0x470 [f2fs] f2fs_lookup+0x5af/0x6a0 [f2fs] __lookup_slow+0xac/0x200 lookup_slow+0x45/0x70 walk_component+0x16c/0x250 path_lookupat+0x8b/0x1f0 filename_lookup+0xef/0x250 user_path_at_empty+0x46/0x70 vfs_statx+0x98/0x190 __do_sys_newlstat+0x41/0x90 __x64_sys_newlstat+0x1a/0x30 do_syscall_64+0x37/0xb0 entry_SYSCALL_64_after_hwframe+0x44/0xae The root cause is for special file: e.g. character, block, fifo or socket file, f2fs doesn't assign address space operations pointer array for mapping->a_ops field, so, in a fuzzed image, if inline_dots flag was tagged in special file, during lookup(), when f2fs runs into __recover_dot_dentries(), it will cause NULL pointer access once f2fs_add_regular_entry() calls a_ops->set_dirty_page().

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
14.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 3

VendorProductVersionRange
linuxlinux_kernel*≥4.1  –  <5.15.46
linuxlinux_kernel*≥5.16  –  <5.17.14
linuxlinux_kernel*≥5.18  –  <5.18.3

References 4

  • git.kernel.org https://git.kernel.org/stable/c/12662d19467b391b5b509ac5e9ab4f583c6dde16
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/250e5a6be52a6b9d82fe91976c83cc158868b4e9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2f46160d0a19b13bfe96c0dd50eed5c5d253ab7a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/34f48ce5d5936eea33e3b6415403e57eb84aff97
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/12662d19467b391b5b509ac5e9ab4f583c6dde16
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/250e5a6be52a6b9d82fe91976c83cc158868b4e9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2f46160d0a19b13bfe96c0dd50eed5c5d253ab7a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/34f48ce5d5936eea33e3b6415403e57eb84aff97
    Patch