ghsa-45cv-7v28-m46p
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
btrfs: do not BUG_ON() on ENOMEM when dropping extent items for a range
If we get -ENOMEM while dropping file extent items in a given range, at btrfs_drop_extents(), due to failure to allocate memory when attempting to increment the reference count for an extent or drop the reference count, we handle it with a BUG_ON(). This is excessive, instead we can simply abort the transaction and return the error to the caller. In fact most callers of btrfs_drop_extents(), directly or indirectly, already abort the transaction if btrfs_drop_extents() returns any error.
Also, we already have error paths at btrfs_drop_extents() that may return -ENOMEM and in those cases we abort the transaction, like for example anything that changes the b+tree may return -ENOMEM due to a failure to allocate a new extent buffer when COWing an existing extent buffer, such as a call to btrfs_duplicate_item() for example.
So replace the BUG_ON() calls with proper logic to abort the transaction and return the error.
{
"affected": [],
"aliases": [
"CVE-2022-50293"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T15:15:40Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() on ENOMEM when dropping extent items for a range\n\nIf we get -ENOMEM while dropping file extent items in a given range, at\nbtrfs_drop_extents(), due to failure to allocate memory when attempting to\nincrement the reference count for an extent or drop the reference count,\nwe handle it with a BUG_ON(). This is excessive, instead we can simply\nabort the transaction and return the error to the caller. In fact most\ncallers of btrfs_drop_extents(), directly or indirectly, already abort\nthe transaction if btrfs_drop_extents() returns any error.\n\nAlso, we already have error paths at btrfs_drop_extents() that may return\n-ENOMEM and in those cases we abort the transaction, like for example\nanything that changes the b+tree may return -ENOMEM due to a failure to\nallocate a new extent buffer when COWing an existing extent buffer, such\nas a call to btrfs_duplicate_item() for example.\n\nSo replace the BUG_ON() calls with proper logic to abort the transaction\nand return the error.",
"id": "GHSA-45cv-7v28-m46p",
"modified": "2025-09-15T15:31:26Z",
"published": "2025-09-15T15:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50293"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/162d053e15fe985f754ef495a96eb3db970c43ed"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1baf3370e2dc5e6bd1368348736189457dab2a27"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/50f993da945074b2a069da099a0331b23a0c89a0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7fbcb635c8fc927d139f3302babcf1b42c09265c"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.