{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-49348","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-02-26T02:08:31.543Z","datePublished":"2025-02-26T02:11:02.518Z","dateUpdated":"2025-06-19T12:56:18.264Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-06-19T12:56:18.264Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state\n\nThe EXT4_FC_REPLAY bit in sbi->s_mount_state is used to indicate that\nwe are in the middle of replay the fast commit journal.  This was\nactually a mistake, since the sbi->s_mount_info is initialized from\nes->s_state.  Arguably s_mount_state is misleadingly named, but the\nname is historical --- s_mount_state and s_state dates back to ext2.\n\nWhat should have been used is the ext4_{set,clear,test}_mount_flag()\ninline functions, which sets EXT4_MF_* bits in sbi->s_mount_flags.\n\nThe problem with using EXT4_FC_REPLAY is that a maliciously corrupted\nsuperblock could result in EXT4_FC_REPLAY getting set in\ns_mount_state.  This bypasses some sanity checks, and this can trigger\na BUG() in ext4_es_cache_extent().  As a easy-to-backport-fix, filter\nout the EXT4_FC_REPLAY bit for now.  We should eventually transition\naway from EXT4_FC_REPLAY to something like EXT4_MF_REPLAY."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ext4/super.c"],"versions":[{"version":"8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2","lessThan":"cc5b09cb6dacd4b32640537929ab4ee8fb2b9e04","status":"affected","versionType":"git"},{"version":"8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2","lessThan":"b99fd73418350dea360da8311e87a6a7b0e15a4c","status":"affected","versionType":"git"},{"version":"8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2","lessThan":"af2f1932743fb52ebcb008ad7ac500d9df0aa796","status":"affected","versionType":"git"},{"version":"8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2","lessThan":"55b4dbb29054a05d839562f6d635ce05669b016d","status":"affected","versionType":"git"},{"version":"8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2","lessThan":"c878bea3c9d724ddfa05a813f30de3d25a0ba83f","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ext4/super.c"],"versions":[{"version":"5.10","status":"affected"},{"version":"0","lessThan":"5.10","status":"unaffected","versionType":"semver"},{"version":"5.10.121","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.46","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.17.14","lessThanOrEqual":"5.17.*","status":"unaffected","versionType":"semver"},{"version":"5.18.3","lessThanOrEqual":"5.18.*","status":"unaffected","versionType":"semver"},{"version":"5.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"5.10.121"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"5.15.46"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"5.17.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"5.18.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"5.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/cc5b09cb6dacd4b32640537929ab4ee8fb2b9e04"},{"url":"https://git.kernel.org/stable/c/b99fd73418350dea360da8311e87a6a7b0e15a4c"},{"url":"https://git.kernel.org/stable/c/af2f1932743fb52ebcb008ad7ac500d9df0aa796"},{"url":"https://git.kernel.org/stable/c/55b4dbb29054a05d839562f6d635ce05669b016d"},{"url":"https://git.kernel.org/stable/c/c878bea3c9d724ddfa05a813f30de3d25a0ba83f"}],"title":"ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state","x_generator":{"engine":"bippy-1.2.0"}}}}