cvelistv5 - cve-2022-49469

CVE-2022-49469 (GCVE-0-2022-49469)

Vulnerability from cvelistv5

Published

2025-02-26 02:13

Modified

2025-06-19 12:56

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix anon_dev leak in create_subvol() When btrfs_qgroup_inherit(), btrfs_alloc_tree_block, or btrfs_insert_root() fail in create_subvol(), we return without freeing anon_dev. Reorganize the error handling in create_subvol() to fix this.

References

URL

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/2256e901f5bddc56e24089c96f27b77da932dfcc	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/7a875ad8706f0903a0e812e0dd701956ee9826ff	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/d887b3de318834f9aa637ecf79c6bc66cba7c69a	Patch

Impacted products

Vendor

Product

Version

Linux

Version: 2dfb1e43f57dd3aeaa66f7cf05d068db2d4c8788
Version: 2dfb1e43f57dd3aeaa66f7cf05d068db2d4c8788
Version: 2dfb1e43f57dd3aeaa66f7cf05d068db2d4c8788
Version: 917d608fe375041eb7f29befa6a6d7fd3cf32dde

Linux

Version: 5.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/ioctl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d887b3de318834f9aa637ecf79c6bc66cba7c69a",
              "status": "affected",
              "version": "2dfb1e43f57dd3aeaa66f7cf05d068db2d4c8788",
              "versionType": "git"
            },
            {
              "lessThan": "7a875ad8706f0903a0e812e0dd701956ee9826ff",
              "status": "affected",
              "version": "2dfb1e43f57dd3aeaa66f7cf05d068db2d4c8788",
              "versionType": "git"
            },
            {
              "lessThan": "2256e901f5bddc56e24089c96f27b77da932dfcc",
              "status": "affected",
              "version": "2dfb1e43f57dd3aeaa66f7cf05d068db2d4c8788",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "917d608fe375041eb7f29befa6a6d7fd3cf32dde",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/ioctl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.17.*",
              "status": "unaffected",
              "version": "5.17.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.18.*",
              "status": "unaffected",
              "version": "5.18.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.19",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17.14",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.18.3",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.8.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix anon_dev leak in create_subvol()\n\nWhen btrfs_qgroup_inherit(), btrfs_alloc_tree_block, or\nbtrfs_insert_root() fail in create_subvol(), we return without freeing\nanon_dev. Reorganize the error handling in create_subvol() to fix this."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-19T12:56:20.479Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d887b3de318834f9aa637ecf79c6bc66cba7c69a"
        },
        {
          "url": "https://git.kernel.org/stable/c/7a875ad8706f0903a0e812e0dd701956ee9826ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/2256e901f5bddc56e24089c96f27b77da932dfcc"
        }
      ],
      "title": "btrfs: fix anon_dev leak in create_subvol()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-49469",
    "datePublished": "2025-02-26T02:13:13.387Z",
    "dateReserved": "2025-02-26T02:08:31.578Z",
    "dateUpdated": "2025-06-19T12:56:20.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-49469\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-02-26T07:01:23.157\",\"lastModified\":\"2025-10-22T17:22:59.173\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbtrfs: fix anon_dev leak in create_subvol()\\n\\nWhen btrfs_qgroup_inherit(), btrfs_alloc_tree_block, or\\nbtrfs_insert_root() fail in create_subvol(), we return without freeing\\nanon_dev. Reorganize the error handling in create_subvol() to fix this.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: se corrige la fuga de anon_dev en create_subvol() Cuando btrfs_qgroup_inherit(), btrfs_alloc_tree_block o btrfs_insert_root() fallan en create_subvol(), regresamos sin liberar anon_dev. Reorganice la gesti\u00f3n de errores en create_subvol() para solucionar esto.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.8.3\",\"versionEndExcluding\":\"5.17.14\",\"matchCriteriaId\":\"618D74C0-9F82-42D3-862D-61E9CFE5A7F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.18\",\"versionEndExcluding\":\"5.18.3\",\"matchCriteriaId\":\"8E122216-2E9E-4B3E-B7B8-D575A45BA3C2\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2256e901f5bddc56e24089c96f27b77da932dfcc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7a875ad8706f0903a0e812e0dd701956ee9826ff\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d887b3de318834f9aa637ecf79c6bc66cba7c69a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}

ghsa-fh4q-xrmp-hv9j

Vulnerability from github

Published

2025-10-22 18:30

Modified

2025-10-22 18:30

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix anon_dev leak in create_subvol()

When btrfs_qgroup_inherit(), btrfs_alloc_tree_block, or btrfs_insert_root() fail in create_subvol(), we return without freeing anon_dev. Reorganize the error handling in create_subvol() to fix this.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-49469"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:23Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix anon_dev leak in create_subvol()\n\nWhen btrfs_qgroup_inherit(), btrfs_alloc_tree_block, or\nbtrfs_insert_root() fail in create_subvol(), we return without freeing\nanon_dev. Reorganize the error handling in create_subvol() to fix this.",
  "id": "GHSA-fh4q-xrmp-hv9j",
  "modified": "2025-10-22T18:30:31Z",
  "published": "2025-10-22T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49469"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2256e901f5bddc56e24089c96f27b77da932dfcc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7a875ad8706f0903a0e812e0dd701956ee9826ff"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d887b3de318834f9aa637ecf79c6bc66cba7c69a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2025-AVI-0920

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	N/A	cbl2 mysql 8.0.43-1
Microsoft	N/A	azl3 unbound 1.19.1-4
Microsoft	N/A	azl3 mysql versions antérieures à 8.0.44-1
Microsoft	N/A	cbl2 kernel 5.15.186.1-1
Microsoft	N/A	azl3 lz4 1.9.4-1
Microsoft	N/A	azl3 squid versions antérieures à 6.13-3

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2022-49267	2025-10-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-62168	2025-10-19	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49306	2025-10-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49610	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-11411	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53069	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53062	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49562	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49469	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49333	2025-10-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49504	2025-10-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53042	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53045	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53054	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49635	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53040	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-57888	2025-10-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49552	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53053	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49420	2025-10-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53044	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-62813	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-57899	2025-10-19	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-38564	2025-10-22	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "cbl2 mysql 8.0.43-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 unbound 1.19.1-4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 mysql versions ant\u00e9rieures \u00e0 8.0.44-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 kernel 5.15.186.1-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 lz4 1.9.4-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 squid versions ant\u00e9rieures \u00e0 6.13-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-62168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62168"
    },
    {
      "name": "CVE-2025-53042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53042"
    },
    {
      "name": "CVE-2025-53062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53062"
    },
    {
      "name": "CVE-2022-49610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49610"
    },
    {
      "name": "CVE-2022-49469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49469"
    },
    {
      "name": "CVE-2024-57888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57888"
    },
    {
      "name": "CVE-2022-49333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49333"
    },
    {
      "name": "CVE-2022-49562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49562"
    },
    {
      "name": "CVE-2022-49306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49306"
    },
    {
      "name": "CVE-2025-62813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62813"
    },
    {
      "name": "CVE-2025-53069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53069"
    },
    {
      "name": "CVE-2025-53044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53044"
    },
    {
      "name": "CVE-2022-49504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49504"
    },
    {
      "name": "CVE-2022-49420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49420"
    },
    {
      "name": "CVE-2022-49635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49635"
    },
    {
      "name": "CVE-2024-57899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57899"
    },
    {
      "name": "CVE-2025-53054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53054"
    },
    {
      "name": "CVE-2024-38564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38564"
    },
    {
      "name": "CVE-2025-53040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53040"
    },
    {
      "name": "CVE-2022-49552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49552"
    },
    {
      "name": "CVE-2025-53045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53045"
    },
    {
      "name": "CVE-2025-53053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53053"
    },
    {
      "name": "CVE-2022-49267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49267"
    },
    {
      "name": "CVE-2025-11411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11411"
    }
  ],
  "initial_release_date": "2025-10-24T00:00:00",
  "last_revision_date": "2025-10-24T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0920",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49267",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49267"
    },
    {
      "published_at": "2025-10-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62168",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62168"
    },
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49306",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49306"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49610",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49610"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11411",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11411"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53069",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53069"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53062",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53062"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49562",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49562"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49469",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49469"
    },
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49333",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49333"
    },
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49504",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49504"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53042",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53042"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53045",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53045"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53054",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53054"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49635",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49635"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53040",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53040"
    },
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-57888",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-57888"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49552",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49552"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53053",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53053"
    },
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49420",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49420"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53044",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53044"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62813",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62813"
    },
    {
      "published_at": "2025-10-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-57899",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-57899"
    },
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38564",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38564"
    }
  ]
}

fkie_cve-2022-49469

Vulnerability from fkie_nvd

Published

2025-02-26 07:01

Modified

2025-10-22 17:22

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/2256e901f5bddc56e24089c96f27b77da932dfcc	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/7a875ad8706f0903a0e812e0dd701956ee9826ff	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/d887b3de318834f9aa637ecf79c6bc66cba7c69a	Patch

Impacted products

	Vendor	Product	Version
	linux	linux_kernel	*
	linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "618D74C0-9F82-42D3-862D-61E9CFE5A7F5",
              "versionEndExcluding": "5.17.14",
              "versionStartIncluding": "5.8.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E122216-2E9E-4B3E-B7B8-D575A45BA3C2",
              "versionEndExcluding": "5.18.3",
              "versionStartIncluding": "5.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix anon_dev leak in create_subvol()\n\nWhen btrfs_qgroup_inherit(), btrfs_alloc_tree_block, or\nbtrfs_insert_root() fail in create_subvol(), we return without freeing\nanon_dev. Reorganize the error handling in create_subvol() to fix this."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: se corrige la fuga de anon_dev en create_subvol() Cuando btrfs_qgroup_inherit(), btrfs_alloc_tree_block o btrfs_insert_root() fallan en create_subvol(), regresamos sin liberar anon_dev. Reorganice la gesti\u00f3n de errores en create_subvol() para solucionar esto."
    }
  ],
  "id": "CVE-2022-49469",
  "lastModified": "2025-10-22T17:22:59.173",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-26T07:01:23.157",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/2256e901f5bddc56e24089c96f27b77da932dfcc"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/7a875ad8706f0903a0e812e0dd701956ee9826ff"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/d887b3de318834f9aa637ecf79c6bc66cba7c69a"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

msrc_cve-2022-49469

Vulnerability from csaf_microsoft

Published

2025-02-02 00:00

Modified

2025-10-24 01:01

Summary

btrfs: fix anon_dev leak in create_subvol()

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2022-49469 btrfs: fix anon_dev leak in create_subvol() - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2022-49469.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "btrfs: fix anon_dev leak in create_subvol()",
    "tracking": {
      "current_release_date": "2025-10-24T01:01:38.000Z",
      "generator": {
        "date": "2025-10-24T05:22:50.709Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2022-49469",
      "initial_release_date": "2025-02-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-10-24T01:01:38.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "cbl2 kernel 5.15.186.1-1",
                "product": {
                  "name": "cbl2 kernel 5.15.186.1-1",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "kernel"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 kernel 5.15.186.1-1 as a component of CBL Mariner 2.0",
          "product_id": "17086-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17086"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-49469",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "general",
          "text": "Linux",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "known_affected": [
          "17086-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-49469 btrfs: fix anon_dev leak in create_subvol() - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2022-49469.json"
        }
      ],
      "remediations": [
        {
          "category": "none_available",
          "date": "2025-10-24T01:01:38.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17086-1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalsScore": 0.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 5.5,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "17086-1"
          ]
        }
      ],
      "title": "btrfs: fix anon_dev leak in create_subvol()"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-49469 (GCVE-0-2022-49469)

Vulnerability from cvelistv5

ghsa-fh4q-xrmp-hv9j

Vulnerability from github

CERTFR-2025-AVI-0920

Vulnerability from certfr_avis

Solutions

fkie_cve-2022-49469

Vulnerability from fkie_nvd

msrc_cve-2022-49469

Vulnerability from csaf_microsoft

Tags

Sightings

Nomenclature