{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-49360","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-02-26T02:08:31.546Z","datePublished":"2025-02-26T02:11:08.402Z","dateUpdated":"2025-07-11T17:19:15.783Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-07-11T17:19:15.783Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on total_data_blocks\n\nAs Yanming reported in bugzilla:\n\nhttps://bugzilla.kernel.org/show_bug.cgi?id=215916\n\nThe kernel message is shown below:\n\nkernel BUG at fs/f2fs/segment.c:2560!\nCall Trace:\n allocate_segment_by_default+0x228/0x440\n f2fs_allocate_data_block+0x13d1/0x31f0\n do_write_page+0x18d/0x710\n f2fs_outplace_write_data+0x151/0x250\n f2fs_do_write_data_page+0xef9/0x1980\n move_data_page+0x6af/0xbc0\n do_garbage_collect+0x312f/0x46f0\n f2fs_gc+0x6b0/0x3bc0\n f2fs_balance_fs+0x921/0x2260\n f2fs_write_single_data_page+0x16be/0x2370\n f2fs_write_cache_pages+0x428/0xd00\n f2fs_write_data_pages+0x96e/0xd50\n do_writepages+0x168/0x550\n __writeback_single_inode+0x9f/0x870\n writeback_sb_inodes+0x47d/0xb20\n __writeback_inodes_wb+0xb2/0x200\n wb_writeback+0x4bd/0x660\n wb_workfn+0x5f3/0xab0\n process_one_work+0x79f/0x13e0\n worker_thread+0x89/0xf60\n kthread+0x26a/0x300\n ret_from_fork+0x22/0x30\nRIP: 0010:new_curseg+0xe8d/0x15f0\n\nThe root cause is: ckpt.valid_block_count is inconsistent with SIT table,\nstat info indicates filesystem has free blocks, but SIT table indicates\nfilesystem has no free segment.\n\nSo that during garbage colloection, it triggers panic when LFS allocator\nfails to find free segment.\n\nThis patch tries to fix this issue by checking consistency in between\nckpt.valid_block_count and block accounted from SIT."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/f2fs/f2fs.h","fs/f2fs/segment.c","fs/f2fs/segment.h"],"versions":[{"version":"98e4da8ca301e062d79ae168c67e56f3c3de3ce4","lessThan":"ef221b738b26d8c9f7e7967f4586db2dd3bd5288","status":"affected","versionType":"git"},{"version":"98e4da8ca301e062d79ae168c67e56f3c3de3ce4","lessThan":"c9e4cd5b0ccd7168801d6a811919171b185c5cf8","status":"affected","versionType":"git"},{"version":"98e4da8ca301e062d79ae168c67e56f3c3de3ce4","lessThan":"071b1269a3b3ad9cec16ed76a48015bfffd9aee8","status":"affected","versionType":"git"},{"version":"98e4da8ca301e062d79ae168c67e56f3c3de3ce4","lessThan":"cc8c9df19971e59ebbe669ce710080e347dfec32","status":"affected","versionType":"git"},{"version":"98e4da8ca301e062d79ae168c67e56f3c3de3ce4","lessThan":"6b8beca0edd32075a769bfe4178ca00c0dcd22a9","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/f2fs/f2fs.h","fs/f2fs/segment.c","fs/f2fs/segment.h"],"versions":[{"version":"3.8","status":"affected"},{"version":"0","lessThan":"3.8","status":"unaffected","versionType":"semver"},{"version":"5.10.121","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.46","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.17.14","lessThanOrEqual":"5.17.*","status":"unaffected","versionType":"semver"},{"version":"5.18.3","lessThanOrEqual":"5.18.*","status":"unaffected","versionType":"semver"},{"version":"5.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.10.121"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.15.46"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.17.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.18.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/ef221b738b26d8c9f7e7967f4586db2dd3bd5288"},{"url":"https://git.kernel.org/stable/c/c9e4cd5b0ccd7168801d6a811919171b185c5cf8"},{"url":"https://git.kernel.org/stable/c/071b1269a3b3ad9cec16ed76a48015bfffd9aee8"},{"url":"https://git.kernel.org/stable/c/cc8c9df19971e59ebbe669ce710080e347dfec32"},{"url":"https://git.kernel.org/stable/c/6b8beca0edd32075a769bfe4178ca00c0dcd22a9"}],"title":"f2fs: fix to do sanity check on total_data_blocks","x_generator":{"engine":"bippy-1.2.0"}}}}