CVE-2022-50546

HIGH · EPSS 9.7%
CVSS 3.1: 7.8 (High)
Published Oct 7, 2025 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix uninititialized value in 'ext4_evict_inode'

Syzbot found the following issue:

=====================================================
BUG: KMSAN: uninit-value in ext4_evict_inode+0xdd/0x26b0 fs/ext4/inode.c:180
 ext4_evict_inode+0xdd/0x26b0 fs/ext4/inode.c:180
 evict+0x365/0x9a0 fs/inode.c:664
 iput_final fs/inode.c:1747 [inline]
 iput+0x985/0xdd0 fs/inode.c:1773
 __ext4_new_inode+0xe54/0x7ec0 fs/ext4/ialloc.c:1361
 ext4_mknod+0x376/0x840 fs/ext4/namei.c:2844
 vfs_mknod+0x79d/0x830 fs/namei.c:3914
 do_mknodat+0x47d/0xaa0
 __do_sys_mknodat fs/namei.c:3992 [inline]
 __se_sys_mknodat fs/namei.c:3989 [inline]
 __ia32_sys_mknodat+0xeb/0x150 fs/namei.c:3989
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Uninit was created at:
 __alloc_pages+0x9f1/0xe80 mm/page_alloc.c:5578
 alloc_pages+0xaae/0xd80 mm/mempolicy.c:2285
 alloc_slab_page mm/slub.c:1794 [inline]
 allocate_slab+0x1b5/0x1010 mm/slub.c:1939
 new_slab mm/slub.c:1992 [inline]
 ___slab_alloc+0x10c3/0x2d60 mm/slub.c:3180
 __slab_alloc mm/slub.c:3279 [inline]
 slab_alloc_node mm/slub.c:3364 [inline]
 slab_alloc mm/slub.c:3406 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3413 [inline]
 kmem_cache_alloc_lru+0x6f3/0xb30 mm/slub.c:3429
 alloc_inode_sb include/linux/fs.h:3117 [inline]
 ext4_alloc_inode+0x5f/0x860 fs/ext4/super.c:1321
 alloc_inode+0x83/0x440 fs/inode.c:259
 new_inode_pseudo fs/inode.c:1018 [inline]
 new_inode+0x3b/0x430 fs/inode.c:1046
 __ext4_new_inode+0x2a7/0x7ec0 fs/ext4/ialloc.c:959
 ext4_mkdir+0x4d5/0x1560 fs/ext4/namei.c:2992
 vfs_mkdir+0x62a/0x870 fs/namei.c:4035
 do_mkdirat+0x466/0x7b0 fs/namei.c:4060
 __do_sys_mkdirat fs/namei.c:4075 [inline]
 __se_sys_mkdirat fs/namei.c:4073 [inline]
 __ia32_sys_mkdirat+0xc4/0x120 fs/namei.c:4073
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

CPU: 1 PID: 4625 Comm: syz-executor.2 Not tainted 6.1.0-rc4-syzkaller-62821-gcb231e2f67ec #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
=====================================================

Currently, 'ext4_alloc_inode()' does not initialize 'ei->i_flags'. If creating the new inode fails before 'ei->i_flags' is set in '__ext4_new_inode()', 'iput()' is called. Since commit 6bc0d63dad7f, 'ext4_evict_inode()' accesses 'ei->i_flags', which leads to an access of an uninitialized value. To solve the above issue, just initialize 'ei->i_flags' in 'ext4_alloc_inode()'.
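
A user-space model of the bug pattern described above, added here as an illustration; it is not kernel code and not taken from the patch. The struct, the function names, the flag bit and the 0xA5 fill that stands in for stale slab memory are all assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TOY_FL_SPECIAL 0x1u /* hypothetical flag bit tested during teardown */

struct toy_inode {
    unsigned int i_generation;
    unsigned int i_flags; /* normally assigned late, in toy_new_inode() */
};

/* Hands out an object with stale contents, like a reused slab object.
 * The 0xA5 fill is constructed so the "stale" value is deterministic. */
static struct toy_inode *slab_get(void) {
    struct toy_inode *ei = malloc(sizeof(*ei));
    if (ei) memset(ei, 0xA5, sizeof(*ei));
    return ei;
}

/* Before the fix: the allocator sets some fields but never i_flags. */
static struct toy_inode *alloc_inode_buggy(void) {
    struct toy_inode *ei = slab_get();
    if (ei) ei->i_generation = 0;
    return ei;
}

/* After the fix: i_flags is initialized at allocation time. */
static struct toy_inode *alloc_inode_fixed(void) {
    struct toy_inode *ei = slab_get();
    if (ei) { ei->i_generation = 0; ei->i_flags = 0; }
    return ei;
}

/* Teardown path: branches on i_flags. Returns 1 if it acted on the flag. */
static int toy_evict(struct toy_inode *ei) {
    int special = (ei->i_flags & TOY_FL_SPECIAL) != 0;
    free(ei);
    return special;
}

/* Creation path: an early failure reaches teardown before i_flags is set. */
static int toy_new_inode(struct toy_inode *(*alloc)(void), int fail_early) {
    struct toy_inode *ei = alloc();
    if (!ei) return -1;
    if (fail_early) return toy_evict(ei); /* error path, like iput() */
    ei->i_flags = 0;                      /* normal path assigns flags */
    return toy_evict(ei);
}

int main(void) {
    printf("buggy alloc, early failure: %d\n", toy_new_inode(alloc_inode_buggy, 1));
    printf("fixed alloc, early failure: %d\n", toy_new_inode(alloc_inode_fixed, 1));
    return 0;
}
```

With the unfixed allocator the teardown branch is decided by whatever the previous owner of the memory left behind; only the early-failure path exposes it, which is why normal inode creation never triggered the report.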

CVSS Details

Base Score: 7.8
Exploitability: 1.8
Impact: 5.9
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability: 9.7% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 1

CWE-908

Affected Products 5

Vendor  Product       Version   Range
linux   linux_kernel  *         ≥5.15.61 – <5.15.87
linux   linux_kernel  *         ≥5.18.18 – <5.19
linux   linux_kernel  *         ≥5.19.2 – <6.0.18
linux   linux_kernel  *         ≥6.1 – <6.1.4
linux   linux_kernel  5.10.163  any

References 7

  • git.kernel.org https://git.kernel.org/stable/c/091f85db4c3fb1734a6d7fb4777a2b2831da6631
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3c31d8d3ad95aef8cc17a4fcf317e46217148439
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/56491d60ddca9c697d885394cb0173675b9ab81f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7ea71af94eaaaf6d9aed24bc94a05b977a741cb9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9f966e021c20caae639dd0e404c8761e8281a2c4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e431b4fb1fb8c2654b808086e9747a000adb9655
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f0bffdcc7cb14598af2aa706f1e0f2a9054154ba
    Patch
