{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-49708","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-02-26T02:21:30.444Z","datePublished":"2025-02-26T02:24:26.142Z","dateUpdated":"2025-05-04T12:45:10.177Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T12:45:10.177Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix bug_on ext4_mb_use_inode_pa\n\nHulk Robot reported a BUG_ON:\n==================================================================\nkernel BUG at fs/ext4/mballoc.c:3211!\n[...]\nRIP: 0010:ext4_mb_mark_diskspace_used.cold+0x85/0x136f\n[...]\nCall Trace:\n ext4_mb_new_blocks+0x9df/0x5d30\n ext4_ext_map_blocks+0x1803/0x4d80\n ext4_map_blocks+0x3a4/0x1a10\n ext4_writepages+0x126d/0x2c30\n do_writepages+0x7f/0x1b0\n __filemap_fdatawrite_range+0x285/0x3b0\n file_write_and_wait_range+0xb1/0x140\n ext4_sync_file+0x1aa/0xca0\n vfs_fsync_range+0xfb/0x260\n do_fsync+0x48/0xa0\n[...]\n==================================================================\n\nAbove issue may happen as follows:\n-------------------------------------\ndo_fsync\n vfs_fsync_range\n  ext4_sync_file\n   file_write_and_wait_range\n    __filemap_fdatawrite_range\n     do_writepages\n      ext4_writepages\n       mpage_map_and_submit_extent\n        mpage_map_one_extent\n         ext4_map_blocks\n          ext4_mb_new_blocks\n           ext4_mb_normalize_request\n            >>> start + size <= ac->ac_o_ex.fe_logical\n           ext4_mb_regular_allocator\n            ext4_mb_simple_scan_group\n             ext4_mb_use_best_found\n              ext4_mb_new_preallocation\n               ext4_mb_new_inode_pa\n                ext4_mb_use_inode_pa\n                 >>> set ac->ac_b_ex.fe_len <= 0\n           ext4_mb_mark_diskspace_used\n            >>> BUG_ON(ac->ac_b_ex.fe_len <= 0);\n\nwe can easily reproduce this problem with the following commands:\n\t`fallocate -l100M disk`\n\t`mkfs.ext4 -b 1024 -g 256 disk`\n\t`mount disk /mnt`\n\t`fsstress -d /mnt -l 0 -n 1000 -p 1`\n\nThe size must be smaller than or equal to EXT4_BLOCKS_PER_GROUP.\nTherefore, \"start + size <= ac->ac_o_ex.fe_logical\" may occur\nwhen the size is truncated. So start should be the start position of\nthe group where ac_o_ex.fe_logical is located after alignment.\nIn addition, when the value of fe_logical or EXT4_BLOCKS_PER_GROUP\nis very large, the value calculated by start_off is more accurate."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ext4/mballoc.c"],"versions":[{"version":"fc6c2da174edd7a7b760b12c60d432d300e05cca","lessThan":"6880fb2e64331b9fdc85d3f32b1d7e81ad8703f1","status":"affected","versionType":"git"},{"version":"cd648b8a8fd5071d232242d5ee7ee3c0815776af","lessThan":"a37c1359714da42517dd19d36fc3c4d17edba832","status":"affected","versionType":"git"},{"version":"cd648b8a8fd5071d232242d5ee7ee3c0815776af","lessThan":"5707d721d1819db57dba57b1d4623034fcb32047","status":"affected","versionType":"git"},{"version":"cd648b8a8fd5071d232242d5ee7ee3c0815776af","lessThan":"a6b31616e5afe1d3972cb0682a373e50597faf5c","status":"affected","versionType":"git"},{"version":"cd648b8a8fd5071d232242d5ee7ee3c0815776af","lessThan":"6fdaf31ad5f3d3afab744dfd9a8b0d9142aa881f","status":"affected","versionType":"git"},{"version":"cd648b8a8fd5071d232242d5ee7ee3c0815776af","lessThan":"90f0f9d45dff0128c0fca0d2358c4153b024afa6","status":"affected","versionType":"git"},{"version":"cd648b8a8fd5071d232242d5ee7ee3c0815776af","lessThan":"887a3e9ad4b8309a2266bce7ae749b2bf1f7a687","status":"affected","versionType":"git"},{"version":"cd648b8a8fd5071d232242d5ee7ee3c0815776af","lessThan":"a08f789d2ab5242c07e716baf9a835725046be89","status":"affected","versionType":"git"},{"version":"f213db429b883a2d5403de0b1ce92fb7d7ee979e","status":"affected","versionType":"git"},{"version":"98f58e05231f835dfb09359e3b5e3a886fe8f189","status":"affected","versionType":"git"},{"version":"c1664e9bcf6291c0ceb8599f57c8cf493526abe6","status":"affected","versionType":"git"},{"version":"37cf4ab1ba60c30ca9fd0fe3b9993b24cb87886a","status":"affected","versionType":"git"},{"version":"75f37dab088eb84ff25a49e59371f01ea3f44aa7","status":"affected","versionType":"git"},{"version":"8774c73cf6963310395823ed7077ea12943ea0f3","status":"affected","versionType":"git"},{"version":"c4fbdc0124799f1772f4d886b7f2e1a6f881d195","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ext4/mballoc.c"],"versions":[{"version":"4.11","status":"affected"},{"version":"0","lessThan":"4.11","status":"unaffected","versionType":"semver"},{"version":"4.9.320","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.285","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.249","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.200","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.124","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.49","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.18.6","lessThanOrEqual":"5.18.*","status":"unaffected","versionType":"semver"},{"version":"5.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.14","versionEndExcluding":"4.9.320"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"4.14.285"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"4.19.249"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.4.200"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.10.124"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.15.49"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.18.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.89"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10.107"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12.72"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.16.44"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1.40"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.53"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10.2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/6880fb2e64331b9fdc85d3f32b1d7e81ad8703f1"},{"url":"https://git.kernel.org/stable/c/a37c1359714da42517dd19d36fc3c4d17edba832"},{"url":"https://git.kernel.org/stable/c/5707d721d1819db57dba57b1d4623034fcb32047"},{"url":"https://git.kernel.org/stable/c/a6b31616e5afe1d3972cb0682a373e50597faf5c"},{"url":"https://git.kernel.org/stable/c/6fdaf31ad5f3d3afab744dfd9a8b0d9142aa881f"},{"url":"https://git.kernel.org/stable/c/90f0f9d45dff0128c0fca0d2358c4153b024afa6"},{"url":"https://git.kernel.org/stable/c/887a3e9ad4b8309a2266bce7ae749b2bf1f7a687"},{"url":"https://git.kernel.org/stable/c/a08f789d2ab5242c07e716baf9a835725046be89"}],"title":"ext4: fix bug_on ext4_mb_use_inode_pa","x_generator":{"engine":"bippy-1.2.0"}}}}