{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-49363","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-02-26T02:08:31.547Z","datePublished":"2025-02-26T02:11:09.817Z","dateUpdated":"2025-07-11T17:19:17.959Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-07-11T17:19:17.959Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on block address in f2fs_do_zero_range()\n\nAs Yanming reported in bugzilla:\n\nhttps://bugzilla.kernel.org/show_bug.cgi?id=215894\n\nI have encountered a bug in F2FS file system in kernel v5.17.\n\nI have uploaded the system call sequence as case.c, and a fuzzed image can\nbe found in google net disk\n\nThe kernel should enable CONFIG_KASAN=y and CONFIG_KASAN_INLINE=y. You can\nreproduce the bug by running the following commands:\n\nkernel BUG at fs/f2fs/segment.c:2291!\nCall Trace:\n f2fs_invalidate_blocks+0x193/0x2d0\n f2fs_fallocate+0x2593/0x4a70\n vfs_fallocate+0x2a5/0xac0\n ksys_fallocate+0x35/0x70\n __x64_sys_fallocate+0x8e/0xf0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe root cause is, after image was fuzzed, block mapping info in inode\nwill be inconsistent with SIT table, so in f2fs_fallocate(), it will cause\npanic when updating SIT with invalid blkaddr.\n\nLet's fix the issue by adding sanity check on block address before updating\nSIT table with it."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/f2fs/file.c"],"versions":[{"version":"98e4da8ca301e062d79ae168c67e56f3c3de3ce4","lessThan":"7361c9f2bd6a8f0cbb41cdea9aff04765ff23f67","status":"affected","versionType":"git"},{"version":"98e4da8ca301e062d79ae168c67e56f3c3de3ce4","lessThan":"a34d7b49894b0533222188a52e2958750f830efd","status":"affected","versionType":"git"},{"version":"98e4da8ca301e062d79ae168c67e56f3c3de3ce4","lessThan":"f2e1c38b5ac64eb1a16a89c52fb419409d12c25b","status":"affected","versionType":"git"},{"version":"98e4da8ca301e062d79ae168c67e56f3c3de3ce4","lessThan":"470493be19a5730ed432e3ac0f29a2ee7fc6c557","status":"affected","versionType":"git"},{"version":"98e4da8ca301e062d79ae168c67e56f3c3de3ce4","lessThan":"805b48b234a2803cb7daec7f158af12f0fbaefac","status":"affected","versionType":"git"},{"version":"98e4da8ca301e062d79ae168c67e56f3c3de3ce4","lessThan":"25f8236213a91efdf708b9d77e9e51b6fc3e141c","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/f2fs/file.c"],"versions":[{"version":"3.8","status":"affected"},{"version":"0","lessThan":"3.8","status":"unaffected","versionType":"semver"},{"version":"5.4.198","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.121","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.46","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.17.14","lessThanOrEqual":"5.17.*","status":"unaffected","versionType":"semver"},{"version":"5.18.3","lessThanOrEqual":"5.18.*","status":"unaffected","versionType":"semver"},{"version":"5.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.4.198"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.10.121"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.15.46"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.17.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.18.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/7361c9f2bd6a8f0cbb41cdea9aff04765ff23f67"},{"url":"https://git.kernel.org/stable/c/a34d7b49894b0533222188a52e2958750f830efd"},{"url":"https://git.kernel.org/stable/c/f2e1c38b5ac64eb1a16a89c52fb419409d12c25b"},{"url":"https://git.kernel.org/stable/c/470493be19a5730ed432e3ac0f29a2ee7fc6c557"},{"url":"https://git.kernel.org/stable/c/805b48b234a2803cb7daec7f158af12f0fbaefac"},{"url":"https://git.kernel.org/stable/c/25f8236213a91efdf708b9d77e9e51b6fc3e141c"}],"title":"f2fs: fix to do sanity check on block address in f2fs_do_zero_range()","x_generator":{"engine":"bippy-1.2.0"}}}}