{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-49428","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-02-26T02:08:31.569Z","datePublished":"2025-02-26T02:12:48.149Z","dateUpdated":"2025-05-04T08:37:27.663Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:37:27.663Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on inline_dots inode\n\nAs Wenqing reported in bugzilla:\n\nhttps://bugzilla.kernel.org/show_bug.cgi?id=215765\n\nIt will cause a kernel panic with steps:\n- mkdir mnt\n- mount tmp40.img mnt\n- ls mnt\n\nfolio_mark_dirty+0x33/0x50\nf2fs_add_regular_entry+0x541/0xad0 [f2fs]\nf2fs_add_dentry+0x6c/0xb0 [f2fs]\nf2fs_do_add_link+0x182/0x230 [f2fs]\n__recover_dot_dentries+0x2d6/0x470 [f2fs]\nf2fs_lookup+0x5af/0x6a0 [f2fs]\n__lookup_slow+0xac/0x200\nlookup_slow+0x45/0x70\nwalk_component+0x16c/0x250\npath_lookupat+0x8b/0x1f0\nfilename_lookup+0xef/0x250\nuser_path_at_empty+0x46/0x70\nvfs_statx+0x98/0x190\n__do_sys_newlstat+0x41/0x90\n__x64_sys_newlstat+0x1a/0x30\ndo_syscall_64+0x37/0xb0\nentry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe root cause is for special file: e.g. character, block, fifo or\nsocket file, f2fs doesn't assign address space operations pointer array\nfor mapping->a_ops field, so, in a fuzzed image, if inline_dots flag was\ntagged in special file, during lookup(), when f2fs runs into\n__recover_dot_dentries(), it will cause NULL pointer access once\nf2fs_add_regular_entry() calls a_ops->set_dirty_page()."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/f2fs/namei.c"],"versions":[{"version":"510022a85839a8409d1e6a519bb86ce71a84f30a","lessThan":"250e5a6be52a6b9d82fe91976c83cc158868b4e9","status":"affected","versionType":"git"},{"version":"510022a85839a8409d1e6a519bb86ce71a84f30a","lessThan":"34f48ce5d5936eea33e3b6415403e57eb84aff97","status":"affected","versionType":"git"},{"version":"510022a85839a8409d1e6a519bb86ce71a84f30a","lessThan":"2f46160d0a19b13bfe96c0dd50eed5c5d253ab7a","status":"affected","versionType":"git"},{"version":"510022a85839a8409d1e6a519bb86ce71a84f30a","lessThan":"12662d19467b391b5b509ac5e9ab4f583c6dde16","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/f2fs/namei.c"],"versions":[{"version":"4.1","status":"affected"},{"version":"0","lessThan":"4.1","status":"unaffected","versionType":"semver"},{"version":"5.15.46","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.17.14","lessThanOrEqual":"5.17.*","status":"unaffected","versionType":"semver"},{"version":"5.18.3","lessThanOrEqual":"5.18.*","status":"unaffected","versionType":"semver"},{"version":"5.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1","versionEndExcluding":"5.15.46"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1","versionEndExcluding":"5.17.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1","versionEndExcluding":"5.18.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1","versionEndExcluding":"5.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/250e5a6be52a6b9d82fe91976c83cc158868b4e9"},{"url":"https://git.kernel.org/stable/c/34f48ce5d5936eea33e3b6415403e57eb84aff97"},{"url":"https://git.kernel.org/stable/c/2f46160d0a19b13bfe96c0dd50eed5c5d253ab7a"},{"url":"https://git.kernel.org/stable/c/12662d19467b391b5b509ac5e9ab4f583c6dde16"}],"title":"f2fs: fix to do sanity check on inline_dots inode","x_generator":{"engine":"bippy-1.2.0"}}}}