ghsa-qgfx-vv83-vj4g
Vulnerability from github
Published: 2025-09-23 15:31
Modified: 2025-09-23 15:31
Details

In the Linux kernel, the following vulnerability has been resolved:

ext4: don't BUG if someone dirty pages without asking ext4 first

[un]pin_user_pages_remote is dirtying pages without properly warning the file system in advance. A related race was noted by Jan Kara in 2018[1]; however, more recently instead of it being a very hard-to-hit race, it could be reliably triggered by process_vm_writev(2) which was discovered by Syzbot[2].

This is technically a bug in mm/gup.c, but arguably ext4 is fragile in that if some other kernel subsystem dirties pages without properly notifying the file system using page_mkwrite(), ext4 will BUG, while other file systems will not BUG (although data will still be lost).

So instead of crashing with a BUG, issue a warning (since there may be potential data loss) and just mark the page as clean to avoid unprivileged denial of service attacks until the problem can be properly fixed. More discussion and background can be found in the thread starting at [2].

[1] https://lore.kernel.org/linux-mm/20180103100430.GE4911@quack2.suse.cz
[2] https://lore.kernel.org/r/Yg0m6IjcNmfaSokM@google.com



{
  "affected": [],
  "aliases": [
    "CVE-2022-49171"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:00:54Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: don\u0027t BUG if someone dirty pages without asking ext4 first\n\n[un]pin_user_pages_remote is dirtying pages without properly warning\nthe file system in advance.  A related race was noted by Jan Kara in\n2018[1]; however, more recently instead of it being a very hard-to-hit\nrace, it could be reliably triggered by process_vm_writev(2) which was\ndiscovered by Syzbot[2].\n\nThis is technically a bug in mm/gup.c, but arguably ext4 is fragile in\nthat if some other kernel subsystem dirty pages without properly\nnotifying the file system using page_mkwrite(), ext4 will BUG, while\nother file systems will not BUG (although data will still be lost).\n\nSo instead of crashing with a BUG, issue a warning (since there may be\npotential data loss) and just mark the page as clean to avoid\nunprivileged denial of service attacks until the problem can be\nproperly fixed.  More discussion and background can be found in the\nthread starting at [2].\n\n[1] https://lore.kernel.org/linux-mm/20180103100430.GE4911@quack2.suse.cz\n[2] https://lore.kernel.org/r/Yg0m6IjcNmfaSokM@google.com",
  "id": "GHSA-qgfx-vv83-vj4g",
  "modified": "2025-09-23T15:31:08Z",
  "published": "2025-09-23T15:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49171"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0d3a6926f7e8be3c897fa46216ce13b119a9f56a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/330d0e44fc5a47c27df958ecdd4693a3cb1d8b81"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/343117559ef41e992e326f7a92da1a8f254dfa8c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5a016c053f426a73752c3b41b60b497b58694d48"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5db60e76edf5680ff1f3a7221036fc44b308f146"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/677c9d30e8487bee6c8e3b034070319d98f6e203"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a0856764dc1276ad2dc7891288c2e9246bf11a37"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cc5095747edfb054ca2068d01af20be3fcc3634f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d666dfaa571465a19f014534a214c255ea33f301"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

