{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-48635","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-25T13:44:28.315Z","datePublished":"2024-04-28T12:59:24.359Z","dateUpdated":"2025-10-29T13:18:47.502Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-10-29T13:18:47.502Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfsdax: Fix infinite loop in dax_iomap_rw()\n\nI got an infinite loop and a WARNING report when executing a tail command\nin virtiofs.\n\n  WARNING: CPU: 10 PID: 964 at fs/iomap/iter.c:34 iomap_iter+0x3a2/0x3d0\n  Modules linked in:\n  CPU: 10 PID: 964 Comm: tail Not tainted 5.19.0-rc7\n  Call Trace:\n  <TASK>\n  dax_iomap_rw+0xea/0x620\n  ? __this_cpu_preempt_check+0x13/0x20\n  fuse_dax_read_iter+0x47/0x80\n  fuse_file_read_iter+0xae/0xd0\n  new_sync_read+0xfe/0x180\n  ? 0xffffffff81000000\n  vfs_read+0x14d/0x1a0\n  ksys_read+0x6d/0xf0\n  __x64_sys_read+0x1a/0x20\n  do_syscall_64+0x3b/0x90\n  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe tail command will call read() with a count of 0. In this case,\niomap_iter() will report this WARNING, and always return 1 which casuing\nthe infinite loop in dax_iomap_rw().\n\nFixing by checking count whether is 0 in dax_iomap_rw()."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/dax.c"],"versions":[{"version":"8df4919cb921b28809d05feae3e98dc5d8b48146","lessThan":"463f36137c40342fb03bba380c1bf703c40d89a6","status":"affected","versionType":"git"},{"version":"ca289e0b95afa973d204c77a4ad5c37e06145fbf","lessThan":"929ef155e1da41c06f4d8ca86ae12b851a83a744","status":"affected","versionType":"git"},{"version":"ca289e0b95afa973d204c77a4ad5c37e06145fbf","lessThan":"60644dffac87b1bb47bdb393aa29d5f2ffcf41a0","status":"affected","versionType":"git"},{"version":"ca289e0b95afa973d204c77a4ad5c37e06145fbf","lessThan":"17d9c15c9b9e7fb285f7ac5367dfb5f00ff575e3","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/dax.c"],"versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","status":"unaffected","versionType":"semver"},{"version":"5.15.71","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.19.12","lessThanOrEqual":"5.19.*","status":"unaffected","versionType":"semver"},{"version":"6.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"5.15.71"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"5.19.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/463f36137c40342fb03bba380c1bf703c40d89a6"},{"url":"https://git.kernel.org/stable/c/929ef155e1da41c06f4d8ca86ae12b851a83a744"},{"url":"https://git.kernel.org/stable/c/60644dffac87b1bb47bdb393aa29d5f2ffcf41a0"},{"url":"https://git.kernel.org/stable/c/17d9c15c9b9e7fb285f7ac5367dfb5f00ff575e3"}],"title":"fsdax: Fix infinite loop in dax_iomap_rw()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":6.2,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2022-48635","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-05-14T20:43:30.986785Z"}}}],"affected":[{"cpes":["cpe:2.3:o:linux:linux_kernel:5.15:-:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"affected","version":"5.15"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:o:linux:linux_kernel:ca289e0b95af:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"affected","version":"ca289e0b95af","lessThan":"17d9c15c9b9e","versionType":"custom"}],"defaultStatus":"unknown"}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-835","description":"CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')"}]}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:16:39.520Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T15:17:55.386Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/929ef155e1da41c06f4d8ca86ae12b851a83a744","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/60644dffac87b1bb47bdb393aa29d5f2ffcf41a0","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/17d9c15c9b9e7fb285f7ac5367dfb5f00ff575e3","tags":["x_transferred"]}]}]}}