CVE-2022-50013

MEDIUM · 5.5 CVSS 3.1 · EPSS 9.8%
Published Jun 18, 2025 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()

As Dipanjan Das <mail.dipanjan.das@gmail.com> reported, syzkaller found a f2fs bug as below:

    RIP: 0010:f2fs_new_node_page+0x19ac/0x1fc0 fs/f2fs/node.c:1295
    Call Trace:
     write_all_xattrs fs/f2fs/xattr.c:487 [inline]
     __f2fs_setxattr+0xe76/0x2e10 fs/f2fs/xattr.c:743
     f2fs_setxattr+0x233/0xab0 fs/f2fs/xattr.c:790
     f2fs_xattr_generic_set+0x133/0x170 fs/f2fs/xattr.c:86
     __vfs_setxattr+0x115/0x180 fs/xattr.c:182
     __vfs_setxattr_noperm+0x125/0x5f0 fs/xattr.c:216
     __vfs_setxattr_locked+0x1cf/0x260 fs/xattr.c:277
     vfs_setxattr+0x13f/0x330 fs/xattr.c:303
     setxattr+0x146/0x160 fs/xattr.c:611
     path_setxattr+0x1a7/0x1d0 fs/xattr.c:630
     __do_sys_lsetxattr fs/xattr.c:653 [inline]
     __se_sys_lsetxattr fs/xattr.c:649 [inline]
     __x64_sys_lsetxattr+0xbd/0x150 fs/xattr.c:649
     do_syscall_x64 arch/x86/entry/common.c:50 [inline]
     do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
     entry_SYSCALL_64_after_hwframe+0x46/0xb0

NAT entry and nat bitmap can be inconsistent, e.g. one nid is free in nat bitmap, and blkaddr in its NAT entry is not NULL_ADDR, it may trigger BUG_ON() in f2fs_new_node_page(), fix it.

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 9.8% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Affected Products 5

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥3.8 – <4.19.256
linux    linux_kernel   *         ≥4.20 – <5.4.211
linux    linux_kernel   *         ≥5.5 – <5.10.138
linux    linux_kernel   *         ≥5.11 – <5.15.63
linux    linux_kernel   *         ≥5.16 – <5.19.4

References 6

  • git.kernel.org https://git.kernel.org/stable/c/141170b759e03958f296033bb7001be62d1d363b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/29e734ec33ae4bd7de4018fb0fb0eec808c36b92
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/43ce0a0bda2c54dad91d5a1943554eed9e050f55
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5a01e45b925a0bc9718eccd33e5920f1a4e44caf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/800ba8979111184d5194f4233cc83afe683efc54
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fbfad62b29e9f8f1c1026a806c9e064ec2a7c342
    Patch
