cve-2022-48877
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2024-11-04 12:18
Severity ?
EPSS score ?
Summary
f2fs: let's avoid panic if extent_tree is not created
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48877",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:05:09.893682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:53.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/f2fs/extent_cache.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "dd83a9763e29",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "ff85a1dbd90d",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "557e85ff9afe",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "72009139a661",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "2c129e868992",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "1c38cdc747f0",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "df9d44b645b8",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/f2fs/extent_cache.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.304",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.230",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.90",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: let\u0027s avoid panic if extent_tree is not created\n\nThis patch avoids the below panic.\n\npc : __lookup_extent_tree+0xd8/0x760\nlr : f2fs_do_write_data_page+0x104/0x87c\nsp : ffffffc010cbb3c0\nx29: ffffffc010cbb3e0 x28: 0000000000000000\nx27: ffffff8803e7f020 x26: ffffff8803e7ed40\nx25: ffffff8803e7f020 x24: ffffffc010cbb460\nx23: ffffffc010cbb480 x22: 0000000000000000\nx21: 0000000000000000 x20: ffffffff22e90900\nx19: 0000000000000000 x18: ffffffc010c5d080\nx17: 0000000000000000 x16: 0000000000000020\nx15: ffffffdb1acdbb88 x14: ffffff888759e2b0\nx13: 0000000000000000 x12: ffffff802da49000\nx11: 000000000a001200 x10: ffffff8803e7ed40\nx9 : ffffff8023195800 x8 : ffffff802da49078\nx7 : 0000000000000001 x6 : 0000000000000000\nx5 : 0000000000000006 x4 : ffffffc010cbba28\nx3 : 0000000000000000 x2 : ffffffc010cbb480\nx1 : 0000000000000000 x0 : ffffff8803e7ed40\nCall trace:\n __lookup_extent_tree+0xd8/0x760\n f2fs_do_write_data_page+0x104/0x87c\n f2fs_write_single_data_page+0x420/0xb60\n f2fs_write_cache_pages+0x418/0xb1c\n __f2fs_write_data_pages+0x428/0x58c\n f2fs_write_data_pages+0x30/0x40\n do_writepages+0x88/0x190\n __writeback_single_inode+0x48/0x448\n writeback_sb_inodes+0x468/0x9e8\n __writeback_inodes_wb+0xb8/0x2a4\n wb_writeback+0x33c/0x740\n wb_do_writeback+0x2b4/0x400\n wb_workfn+0xe4/0x34c\n process_one_work+0x24c/0x5bc\n worker_thread+0x3e8/0xa50\n kthread+0x150/0x1b4"
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T12:18:20.193Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/dd83a9763e29ed7a21c8a43f7a62cd0a6bf74692"
},
{
"url": "https://git.kernel.org/stable/c/ff85a1dbd90d29f73033177ff8d8de4a27d9721c"
},
{
"url": "https://git.kernel.org/stable/c/557e85ff9afef6d45020b6f09357111d38033c31"
},
{
"url": "https://git.kernel.org/stable/c/72009139a661ade5cb1da4239734ed02fa1cfff0"
},
{
"url": "https://git.kernel.org/stable/c/2c129e868992621a739bdd57a5bffa3985ef1b91"
},
{
"url": "https://git.kernel.org/stable/c/1c38cdc747f00daf7394535eae5afc4c503c59bb"
},
{
"url": "https://git.kernel.org/stable/c/df9d44b645b83fffccfb4e28c1f93376585fdec8"
}
],
"title": "f2fs: let\u0027s avoid panic if extent_tree is not created",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48877",
"datePublished": "2024-08-21T06:10:08.371Z",
"dateReserved": "2024-07-16T11:38:08.922Z",
"dateUpdated": "2024-11-04T12:18:20.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-48877\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-08-21T07:15:04.563\",\"lastModified\":\"2024-09-05T17:47:28.647\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nf2fs: let\u0027s avoid panic if extent_tree is not created\\n\\nThis patch avoids the below panic.\\n\\npc : __lookup_extent_tree+0xd8/0x760\\nlr : f2fs_do_write_data_page+0x104/0x87c\\nsp : ffffffc010cbb3c0\\nx29: ffffffc010cbb3e0 x28: 0000000000000000\\nx27: ffffff8803e7f020 x26: ffffff8803e7ed40\\nx25: ffffff8803e7f020 x24: ffffffc010cbb460\\nx23: ffffffc010cbb480 x22: 0000000000000000\\nx21: 0000000000000000 x20: ffffffff22e90900\\nx19: 0000000000000000 x18: ffffffc010c5d080\\nx17: 0000000000000000 x16: 0000000000000020\\nx15: ffffffdb1acdbb88 x14: ffffff888759e2b0\\nx13: 0000000000000000 x12: ffffff802da49000\\nx11: 000000000a001200 x10: ffffff8803e7ed40\\nx9 : ffffff8023195800 x8 : ffffff802da49078\\nx7 : 0000000000000001 x6 : 0000000000000000\\nx5 : 0000000000000006 x4 : ffffffc010cbba28\\nx3 : 0000000000000000 x2 : ffffffc010cbb480\\nx1 : 0000000000000000 x0 : ffffff8803e7ed40\\nCall trace:\\n __lookup_extent_tree+0xd8/0x760\\n f2fs_do_write_data_page+0x104/0x87c\\n f2fs_write_single_data_page+0x420/0xb60\\n f2fs_write_cache_pages+0x418/0xb1c\\n __f2fs_write_data_pages+0x428/0x58c\\n f2fs_write_data_pages+0x30/0x40\\n do_writepages+0x88/0x190\\n __writeback_single_inode+0x48/0x448\\n writeback_sb_inodes+0x468/0x9e8\\n __writeback_inodes_wb+0xb8/0x2a4\\n wb_writeback+0x33c/0x740\\n wb_do_writeback+0x2b4/0x400\\n wb_workfn+0xe4/0x34c\\n process_one_work+0x24c/0x5bc\\n worker_thread+0x3e8/0xa50\\n kthread+0x150/0x1b4\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: evitemos el p\u00e1nico si no se crea extend_tree. Este parche evita el siguiente p\u00e1nico. pc: __lookup_extent_tree+0xd8/0x760 lr: f2fs_do_write_data_page+0x104/0x87c sp: ffffffc010cbb3c0 x29: ffffffc010cbb3e0 x28: 0000000000000000 x27: ffffff8803e7f020 : ffffff8803e7ed40 x25: ffffff8803e7f020 x24: ffffffc010cbb460 x23: ffffffc010cbb480 x22: 0000000000000000 x21: 0000000000000000 x20: ffffffff22e9090 0x19: 0000000000000000 x18: ffffffc010c5d080 x17: 0000000000000000 x16: 0000000000000020 x15: ffffffdb1acdbb88 x14: ffffff888759e2b0 x13: 0000000000000000 x12: 02da49000 x11: 000000000a001200 x10: ffffff8803e7ed40 x9: ffffff8023195800 x8: ffffff802da49078 x7: 0000000000000001 x6: 0000000000000000 x5 000000000000006 x4: ffffffc010cbba28 x3: 0000000000000000 x2: ffffffc010cbb480 x1: 0000000000000000 x0: ffffff8803e7ed40 Rastreo de llamadas: __lookup_extent_tree+0xd8/0x760 f2fs_do_write_data_page+0x104/0x87c f2fs_write_single_data_page+0x420/0xb60 f 2fs_write_cache_pages+0x418/0xb1c __f2fs_write_data_pages+0x428/0x58c f2fs_write_data_pages+0x30/0x40 do_writepages+0x88/0x190 __writeback_single_inode+0x48/0x448 writeback_sb_inodes+0x468/0x9e8 __writeback_inodes_wb+0xb8/0x2a4 wb_writeback+0x33c/0x740 wb_do_writeback+0x2b4/0x400 wb_workfn+0xe4/0x34c Process_one_work+0x24c/0x5bc trabajador_thread+0x3e8/0xa 50 khilo+0x150/0x1b4\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.14.304\",\"matchCriteriaId\":\"E8A9B982-D3D6-49CA-BF0A-196ED7947B3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.15\",\"versionEndExcluding\":\"4.19.271\",\"matchCriteriaId\":\"D86DA289-B5BC-4629-BD56-AB453D481393\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.230\",\"matchCriteriaId\":\"9DB7398D-9781-49C5-B2AE-1969B694B614\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.165\",\"matchCriteriaId\":\"C6002D5B-9B6A-4788-B943-E3EE01E01303\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.90\",\"matchCriteriaId\":\"E995CDA5-7223-4FDB-BAD3-81B22C763A43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.8\",\"matchCriteriaId\":\"A6AFE6C9-3F59-4711-B2CF-7D6682FF6BD0\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1c38cdc747f00daf7394535eae5afc4c503c59bb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2c129e868992621a739bdd57a5bffa3985ef1b91\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/557e85ff9afef6d45020b6f09357111d38033c31\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/72009139a661ade5cb1da4239734ed02fa1cfff0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/dd83a9763e29ed7a21c8a43f7a62cd0a6bf74692\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/df9d44b645b83fffccfb4e28c1f93376585fdec8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ff85a1dbd90d29f73033177ff8d8de4a27d9721c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.