CVE-2022-49738 (GCVE-0-2022-49738)
Vulnerability from cvelistv5
Published
2025-03-27 16:42
Modified
2025-10-01 17:36
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_extra_isize in is_alive() syzbot found a f2fs bug: BUG: KASAN: slab-out-of-bounds in data_blkaddr fs/f2fs/f2fs.h:2891 [inline] BUG: KASAN: slab-out-of-bounds in is_alive fs/f2fs/gc.c:1117 [inline] BUG: KASAN: slab-out-of-bounds in gc_data_segment fs/f2fs/gc.c:1520 [inline] BUG: KASAN: slab-out-of-bounds in do_garbage_collect+0x386a/0x3df0 fs/f2fs/gc.c:1734 Read of size 4 at addr ffff888076557568 by task kworker/u4:3/52 CPU: 1 PID: 52 Comm: kworker/u4:3 Not tainted 6.1.0-rc4-syzkaller-00362-gfef7fd48922d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Workqueue: writeback wb_workfn (flush-7:0) Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:284 [inline] print_report+0x15e/0x45d mm/kasan/report.c:395 kasan_report+0xbb/0x1f0 mm/kasan/report.c:495 data_blkaddr fs/f2fs/f2fs.h:2891 [inline] is_alive fs/f2fs/gc.c:1117 [inline] gc_data_segment fs/f2fs/gc.c:1520 [inline] do_garbage_collect+0x386a/0x3df0 fs/f2fs/gc.c:1734 f2fs_gc+0x88c/0x20a0 fs/f2fs/gc.c:1831 f2fs_balance_fs+0x544/0x6b0 fs/f2fs/segment.c:410 f2fs_write_inode+0x57e/0xe20 fs/f2fs/inode.c:753 write_inode fs/fs-writeback.c:1440 [inline] __writeback_single_inode+0xcfc/0x1440 fs/fs-writeback.c:1652 writeback_sb_inodes+0x54d/0xf90 fs/fs-writeback.c:1870 wb_writeback+0x2c5/0xd70 fs/fs-writeback.c:2044 wb_do_writeback fs/fs-writeback.c:2187 [inline] wb_workfn+0x2dc/0x12f0 fs/fs-writeback.c:2227 process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289 worker_thread+0x665/0x1080 kernel/workqueue.c:2436 kthread+0x2e4/0x3a0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 The root cause is that we forgot to do sanity check on .i_extra_isize in below path, result in accessing invalid address later, fix it. - gc_data_segment - is_alive - data_blkaddr - offset_in_addr
References
Impacted products
Vendor Product Version
Linux Linux Version: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4
Version: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4
Version: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4
Version: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4
Version: 98e4da8ca301e062d79ae168c67e56f3c3de3ce4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-49738",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T17:36:53.560613Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T17:36:56.110Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/gc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e5142a4935c1f15841d06047b8130078fc4d7b8f",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            },
            {
              "lessThan": "914e38f02a490dafd980ff0f39cccedc074deb29",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            },
            {
              "lessThan": "97ccfffcc061e54ce87e4a51a40e2e9cb0b7076a",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            },
            {
              "lessThan": "5b25035fb888cb2f78bf0b9c9f95b1dc54480d36",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            },
            {
              "lessThan": "d3b7b4afd6b2c344eabf9cc26b8bfa903c164c7c",
              "status": "affected",
              "version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/gc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.8"
            },
            {
              "lessThan": "3.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.232",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.232",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.168",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.93",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.11",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on i_extra_isize in is_alive()\n\nsyzbot found a f2fs bug:\n\nBUG: KASAN: slab-out-of-bounds in data_blkaddr fs/f2fs/f2fs.h:2891 [inline]\nBUG: KASAN: slab-out-of-bounds in is_alive fs/f2fs/gc.c:1117 [inline]\nBUG: KASAN: slab-out-of-bounds in gc_data_segment fs/f2fs/gc.c:1520 [inline]\nBUG: KASAN: slab-out-of-bounds in do_garbage_collect+0x386a/0x3df0 fs/f2fs/gc.c:1734\nRead of size 4 at addr ffff888076557568 by task kworker/u4:3/52\n\nCPU: 1 PID: 52 Comm: kworker/u4:3 Not tainted 6.1.0-rc4-syzkaller-00362-gfef7fd48922d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nWorkqueue: writeback wb_workfn (flush-7:0)\nCall Trace:\n\u003cTASK\u003e\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_address_description mm/kasan/report.c:284 [inline]\nprint_report+0x15e/0x45d mm/kasan/report.c:395\nkasan_report+0xbb/0x1f0 mm/kasan/report.c:495\ndata_blkaddr fs/f2fs/f2fs.h:2891 [inline]\nis_alive fs/f2fs/gc.c:1117 [inline]\ngc_data_segment fs/f2fs/gc.c:1520 [inline]\ndo_garbage_collect+0x386a/0x3df0 fs/f2fs/gc.c:1734\nf2fs_gc+0x88c/0x20a0 fs/f2fs/gc.c:1831\nf2fs_balance_fs+0x544/0x6b0 fs/f2fs/segment.c:410\nf2fs_write_inode+0x57e/0xe20 fs/f2fs/inode.c:753\nwrite_inode fs/fs-writeback.c:1440 [inline]\n__writeback_single_inode+0xcfc/0x1440 fs/fs-writeback.c:1652\nwriteback_sb_inodes+0x54d/0xf90 fs/fs-writeback.c:1870\nwb_writeback+0x2c5/0xd70 fs/fs-writeback.c:2044\nwb_do_writeback fs/fs-writeback.c:2187 [inline]\nwb_workfn+0x2dc/0x12f0 fs/fs-writeback.c:2227\nprocess_one_work+0x9bf/0x1710 kernel/workqueue.c:2289\nworker_thread+0x665/0x1080 kernel/workqueue.c:2436\nkthread+0x2e4/0x3a0 kernel/kthread.c:376\nret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306\n\nThe root cause is that we forgot to do sanity check on .i_extra_isize\nin below path, result in accessing invalid address later, fix it.\n- gc_data_segment\n - is_alive\n  - data_blkaddr\n   - offset_in_addr"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-11T17:19:21.410Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e5142a4935c1f15841d06047b8130078fc4d7b8f"
        },
        {
          "url": "https://git.kernel.org/stable/c/914e38f02a490dafd980ff0f39cccedc074deb29"
        },
        {
          "url": "https://git.kernel.org/stable/c/97ccfffcc061e54ce87e4a51a40e2e9cb0b7076a"
        },
        {
          "url": "https://git.kernel.org/stable/c/5b25035fb888cb2f78bf0b9c9f95b1dc54480d36"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3b7b4afd6b2c344eabf9cc26b8bfa903c164c7c"
        }
      ],
      "title": "f2fs: fix to do sanity check on i_extra_isize in is_alive()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-49738",
    "datePublished": "2025-03-27T16:42:50.951Z",
    "dateReserved": "2025-03-27T16:39:17.986Z",
    "dateUpdated": "2025-10-01T17:36:56.110Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-49738\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-03-27T17:15:38.340\",\"lastModified\":\"2025-10-01T18:15:30.820\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nf2fs: fix to do sanity check on i_extra_isize in is_alive()\\n\\nsyzbot found a f2fs bug:\\n\\nBUG: KASAN: slab-out-of-bounds in data_blkaddr fs/f2fs/f2fs.h:2891 [inline]\\nBUG: KASAN: slab-out-of-bounds in is_alive fs/f2fs/gc.c:1117 [inline]\\nBUG: KASAN: slab-out-of-bounds in gc_data_segment fs/f2fs/gc.c:1520 [inline]\\nBUG: KASAN: slab-out-of-bounds in do_garbage_collect+0x386a/0x3df0 fs/f2fs/gc.c:1734\\nRead of size 4 at addr ffff888076557568 by task kworker/u4:3/52\\n\\nCPU: 1 PID: 52 Comm: kworker/u4:3 Not tainted 6.1.0-rc4-syzkaller-00362-gfef7fd48922d #0\\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\\nWorkqueue: writeback wb_workfn (flush-7:0)\\nCall Trace:\\n\u003cTASK\u003e\\n__dump_stack lib/dump_stack.c:88 [inline]\\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\\nprint_address_description mm/kasan/report.c:284 [inline]\\nprint_report+0x15e/0x45d mm/kasan/report.c:395\\nkasan_report+0xbb/0x1f0 mm/kasan/report.c:495\\ndata_blkaddr fs/f2fs/f2fs.h:2891 [inline]\\nis_alive fs/f2fs/gc.c:1117 [inline]\\ngc_data_segment fs/f2fs/gc.c:1520 [inline]\\ndo_garbage_collect+0x386a/0x3df0 fs/f2fs/gc.c:1734\\nf2fs_gc+0x88c/0x20a0 fs/f2fs/gc.c:1831\\nf2fs_balance_fs+0x544/0x6b0 fs/f2fs/segment.c:410\\nf2fs_write_inode+0x57e/0xe20 fs/f2fs/inode.c:753\\nwrite_inode fs/fs-writeback.c:1440 [inline]\\n__writeback_single_inode+0xcfc/0x1440 fs/fs-writeback.c:1652\\nwriteback_sb_inodes+0x54d/0xf90 fs/fs-writeback.c:1870\\nwb_writeback+0x2c5/0xd70 fs/fs-writeback.c:2044\\nwb_do_writeback fs/fs-writeback.c:2187 [inline]\\nwb_workfn+0x2dc/0x12f0 fs/fs-writeback.c:2227\\nprocess_one_work+0x9bf/0x1710 kernel/workqueue.c:2289\\nworker_thread+0x665/0x1080 kernel/workqueue.c:2436\\nkthread+0x2e4/0x3a0 kernel/kthread.c:376\\nret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306\\n\\nThe root cause is that we forgot to do sanity check on .i_extra_isize\\nin below path, result in accessing invalid address later, fix it.\\n- gc_data_segment\\n - is_alive\\n  - data_blkaddr\\n   - offset_in_addr\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: correcci\u00f3n para realizar una comprobaci\u00f3n de cordura en i_extra_isize en is_alive() syzbot encontr\u00f3 un error de f2fs: ERROR: KASAN: slab-out-of-bounds en data_blkaddr fs/f2fs/f2fs.h:2891 [en l\u00ednea] ERROR: KASAN: slab-out-of-bounds en is_alive fs/f2fs/gc.c:1117 [en l\u00ednea] ERROR: KASAN: slab-out-of-bounds en gc_data_segment fs/f2fs/gc.c:1520 [en l\u00ednea] ERROR: KASAN: slab-out-of-bounds en do_garbage_collect+0x386a/0x3df0 fs/f2fs/gc.c:1734 Lectura de tama\u00f1o 4 en la direcci\u00f3n ffff888076557568 por la tarea kworker/u4:3/52 CPU: 1 PID: 52 Comm: kworker/u4:3 No contaminado 6.1.0-rc4-syzkaller-00362-gfef7fd48922d #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 26/10/2022 Cola de trabajo: escritura diferida wb_workfn (flush-7:0) Rastreo de llamadas: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:284 [inline] print_report+0x15e/0x45d mm/kasan/report.c:395 kasan_report+0xbb/0x1f0 mm/kasan/report.c:495 data_blkaddr fs/f2fs/f2fs.h:2891 [inline] is_alive fs/f2fs/gc.c:1117 [inline] gc_data_segment fs/f2fs/gc.c:1520 [inline] do_garbage_collect+0x386a/0x3df0 fs/f2fs/gc.c:1734 f2fs_gc+0x88c/0x20a0 fs/f2fs/gc.c:1831 f2fs_balance_fs+0x544/0x6b0 fs/f2fs/segment.c:410 f2fs_write_inode+0x57e/0xe20 fs/f2fs/inode.c:753 write_inode fs/fs-writeback.c:1440 [inline] __writeback_single_inode+0xcfc/0x1440 fs/fs-writeback.c:1652 writeback_sb_inodes+0x54d/0xf90 fs/fs-writeback.c:1870 wb_writeback+0x2c5/0xd70 fs/fs-writeback.c:2044 wb_do_writeback fs/fs-writeback.c:2187 [inline] wb_workfn+0x2dc/0x12f0 fs/fs-writeback.c:2227 process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289 worker_thread+0x665/0x1080 kernel/workqueue.c:2436 kthread+0x2e4/0x3a0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 La causa ra\u00edz es que olvidamos hacer una comprobaci\u00f3n de cordura en .i_extra_isize en la siguiente ruta, lo que da como resultado el acceso a una direcci\u00f3n no v\u00e1lida m\u00e1s tarde, corr\u00edjalo. - gc_data_segment - is_alive - data_blkaddr - offset_in_addr\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.4.232\",\"matchCriteriaId\":\"B50AC354-4651-4CDE-8EA9-58A9A917F725\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.168\",\"matchCriteriaId\":\"12258A3F-04BD-49C9-9C6B-D3C1945E8910\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.93\",\"matchCriteriaId\":\"98FAC10E-42A0-4372-B1A0-A49CF672890E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.11\",\"matchCriteriaId\":\"535D03F4-DA02-49FE-934E-668827E6407B\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/5b25035fb888cb2f78bf0b9c9f95b1dc54480d36\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/914e38f02a490dafd980ff0f39cccedc074deb29\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/97ccfffcc061e54ce87e4a51a40e2e9cb0b7076a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d3b7b4afd6b2c344eabf9cc26b8bfa903c164c7c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e5142a4935c1f15841d06047b8130078fc4d7b8f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-49738\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-01T17:36:53.560613Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-01T16:58:56.847Z\"}}], \"cna\": {\"title\": \"f2fs: fix to do sanity check on i_extra_isize in is_alive()\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"98e4da8ca301e062d79ae168c67e56f3c3de3ce4\", \"lessThan\": \"e5142a4935c1f15841d06047b8130078fc4d7b8f\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"98e4da8ca301e062d79ae168c67e56f3c3de3ce4\", \"lessThan\": \"914e38f02a490dafd980ff0f39cccedc074deb29\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"98e4da8ca301e062d79ae168c67e56f3c3de3ce4\", \"lessThan\": \"97ccfffcc061e54ce87e4a51a40e2e9cb0b7076a\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"98e4da8ca301e062d79ae168c67e56f3c3de3ce4\", \"lessThan\": \"5b25035fb888cb2f78bf0b9c9f95b1dc54480d36\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"98e4da8ca301e062d79ae168c67e56f3c3de3ce4\", \"lessThan\": \"d3b7b4afd6b2c344eabf9cc26b8bfa903c164c7c\", \"versionType\": \"git\"}], \"programFiles\": [\"fs/f2fs/gc.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.8\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"3.8\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.4.232\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.168\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.93\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.11\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.2\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"fs/f2fs/gc.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/e5142a4935c1f15841d06047b8130078fc4d7b8f\"}, {\"url\": \"https://git.kernel.org/stable/c/914e38f02a490dafd980ff0f39cccedc074deb29\"}, {\"url\": \"https://git.kernel.org/stable/c/97ccfffcc061e54ce87e4a51a40e2e9cb0b7076a\"}, {\"url\": \"https://git.kernel.org/stable/c/5b25035fb888cb2f78bf0b9c9f95b1dc54480d36\"}, {\"url\": \"https://git.kernel.org/stable/c/d3b7b4afd6b2c344eabf9cc26b8bfa903c164c7c\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nf2fs: fix to do sanity check on i_extra_isize in is_alive()\\n\\nsyzbot found a f2fs bug:\\n\\nBUG: KASAN: slab-out-of-bounds in data_blkaddr fs/f2fs/f2fs.h:2891 [inline]\\nBUG: KASAN: slab-out-of-bounds in is_alive fs/f2fs/gc.c:1117 [inline]\\nBUG: KASAN: slab-out-of-bounds in gc_data_segment fs/f2fs/gc.c:1520 [inline]\\nBUG: KASAN: slab-out-of-bounds in do_garbage_collect+0x386a/0x3df0 fs/f2fs/gc.c:1734\\nRead of size 4 at addr ffff888076557568 by task kworker/u4:3/52\\n\\nCPU: 1 PID: 52 Comm: kworker/u4:3 Not tainted 6.1.0-rc4-syzkaller-00362-gfef7fd48922d #0\\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\\nWorkqueue: writeback wb_workfn (flush-7:0)\\nCall Trace:\\n\u003cTASK\u003e\\n__dump_stack lib/dump_stack.c:88 [inline]\\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\\nprint_address_description mm/kasan/report.c:284 [inline]\\nprint_report+0x15e/0x45d mm/kasan/report.c:395\\nkasan_report+0xbb/0x1f0 mm/kasan/report.c:495\\ndata_blkaddr fs/f2fs/f2fs.h:2891 [inline]\\nis_alive fs/f2fs/gc.c:1117 [inline]\\ngc_data_segment fs/f2fs/gc.c:1520 [inline]\\ndo_garbage_collect+0x386a/0x3df0 fs/f2fs/gc.c:1734\\nf2fs_gc+0x88c/0x20a0 fs/f2fs/gc.c:1831\\nf2fs_balance_fs+0x544/0x6b0 fs/f2fs/segment.c:410\\nf2fs_write_inode+0x57e/0xe20 fs/f2fs/inode.c:753\\nwrite_inode fs/fs-writeback.c:1440 [inline]\\n__writeback_single_inode+0xcfc/0x1440 fs/fs-writeback.c:1652\\nwriteback_sb_inodes+0x54d/0xf90 fs/fs-writeback.c:1870\\nwb_writeback+0x2c5/0xd70 fs/fs-writeback.c:2044\\nwb_do_writeback fs/fs-writeback.c:2187 [inline]\\nwb_workfn+0x2dc/0x12f0 fs/fs-writeback.c:2227\\nprocess_one_work+0x9bf/0x1710 kernel/workqueue.c:2289\\nworker_thread+0x665/0x1080 kernel/workqueue.c:2436\\nkthread+0x2e4/0x3a0 kernel/kthread.c:376\\nret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306\\n\\nThe root cause is that we forgot to do sanity check on .i_extra_isize\\nin below path, result in accessing invalid address later, fix it.\\n- gc_data_segment\\n - is_alive\\n  - data_blkaddr\\n   - offset_in_addr\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.232\", \"versionStartIncluding\": \"3.8\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.168\", \"versionStartIncluding\": \"3.8\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.93\", \"versionStartIncluding\": \"3.8\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.11\", \"versionStartIncluding\": \"3.8\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.2\", \"versionStartIncluding\": \"3.8\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-07-11T17:19:21.410Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-49738\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-01T17:36:56.110Z\", \"dateReserved\": \"2025-03-27T16:39:17.986Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2025-03-27T16:42:50.951Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.