{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50344","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-16T16:03:27.881Z","datePublished":"2025-09-16T16:11:23.345Z","dateUpdated":"2026-05-11T19:17:37.555Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:17:37.555Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix null-ptr-deref in ext4_write_info\n\nI caught a null-ptr-deref bug as follows:\n==================================================================\nKASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]\nCPU: 1 PID: 1589 Comm: umount Not tainted 5.10.0-02219-dirty #339\nRIP: 0010:ext4_write_info+0x53/0x1b0\n[...]\nCall Trace:\n dquot_writeback_dquots+0x341/0x9a0\n ext4_sync_fs+0x19e/0x800\n __sync_filesystem+0x83/0x100\n sync_filesystem+0x89/0xf0\n generic_shutdown_super+0x79/0x3e0\n kill_block_super+0xa1/0x110\n deactivate_locked_super+0xac/0x130\n deactivate_super+0xb6/0xd0\n cleanup_mnt+0x289/0x400\n __cleanup_mnt+0x16/0x20\n task_work_run+0x11c/0x1c0\n exit_to_user_mode_prepare+0x203/0x210\n syscall_exit_to_user_mode+0x5b/0x3a0\n do_syscall_64+0x59/0x70\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n ==================================================================\n\nAbove issue may happen as follows:\n-------------------------------------\nexit_to_user_mode_prepare\n task_work_run\n  __cleanup_mnt\n   cleanup_mnt\n    deactivate_super\n     deactivate_locked_super\n      kill_block_super\n       generic_shutdown_super\n        shrink_dcache_for_umount\n         dentry = sb->s_root\n         sb->s_root = NULL              <--- Here set NULL\n        sync_filesystem\n         __sync_filesystem\n          sb->s_op->sync_fs > ext4_sync_fs\n           dquot_writeback_dquots\n            sb->dq_op->write_info > ext4_write_info\n             ext4_journal_start(d_inode(sb->s_root), EXT4_HT_QUOTA, 2)\n              d_inode(sb->s_root)\n               s_root->d_inode          <--- Null pointer dereference\n\nTo solve this problem, we use ext4_journal_start_sb directly\nto avoid s_root being used."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ext4/super.c"],"versions":[{"version":"a1177825719ccef3f76ef39bbfd5ebb6087d53c7","lessThan":"dc451578446afd03c0c21913993c08898a691435","status":"affected","versionType":"git"},{"version":"a1177825719ccef3f76ef39bbfd5ebb6087d53c7","lessThan":"f4b5ff0b794aa94afac7269c494550ca2f66511b","status":"affected","versionType":"git"},{"version":"a1177825719ccef3f76ef39bbfd5ebb6087d53c7","lessThan":"947264e00c46de19a016fd81218118c708fed2f3","status":"affected","versionType":"git"},{"version":"a1177825719ccef3f76ef39bbfd5ebb6087d53c7","lessThan":"3638aa1c7d87c0ca0aef23cf58cae2c48e7daca4","status":"affected","versionType":"git"},{"version":"a1177825719ccef3f76ef39bbfd5ebb6087d53c7","lessThan":"f34ab95162763cd7352f46df169296eec28b688d","status":"affected","versionType":"git"},{"version":"a1177825719ccef3f76ef39bbfd5ebb6087d53c7","lessThan":"533c60a0b97cee5daab376933f486207e6680fb7","status":"affected","versionType":"git"},{"version":"a1177825719ccef3f76ef39bbfd5ebb6087d53c7","lessThan":"4a657319cfabd6199fd0b7b65bbebf6ded7a11c1","status":"affected","versionType":"git"},{"version":"a1177825719ccef3f76ef39bbfd5ebb6087d53c7","lessThan":"bb420e8afc854d2a1caaa23a0c129839acfb7888","status":"affected","versionType":"git"},{"version":"a1177825719ccef3f76ef39bbfd5ebb6087d53c7","lessThan":"f9c1f248607d5546075d3f731e7607d5571f2b60","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ext4/super.c"],"versions":[{"version":"3.6","status":"affected"},{"version":"0","lessThan":"3.6","status":"unaffected","versionType":"semver"},{"version":"4.9.331","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.296","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.262","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.220","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.150","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.75","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.19.17","lessThanOrEqual":"5.19.*","status":"unaffected","versionType":"semver"},{"version":"6.0.3","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"4.9.331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"4.14.296"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"4.19.262"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"5.4.220"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"5.10.150"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"5.15.75"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"5.19.17"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"6.0.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"6.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/dc451578446afd03c0c21913993c08898a691435"},{"url":"https://git.kernel.org/stable/c/f4b5ff0b794aa94afac7269c494550ca2f66511b"},{"url":"https://git.kernel.org/stable/c/947264e00c46de19a016fd81218118c708fed2f3"},{"url":"https://git.kernel.org/stable/c/3638aa1c7d87c0ca0aef23cf58cae2c48e7daca4"},{"url":"https://git.kernel.org/stable/c/f34ab95162763cd7352f46df169296eec28b688d"},{"url":"https://git.kernel.org/stable/c/533c60a0b97cee5daab376933f486207e6680fb7"},{"url":"https://git.kernel.org/stable/c/4a657319cfabd6199fd0b7b65bbebf6ded7a11c1"},{"url":"https://git.kernel.org/stable/c/bb420e8afc854d2a1caaa23a0c129839acfb7888"},{"url":"https://git.kernel.org/stable/c/f9c1f248607d5546075d3f731e7607d5571f2b60"}],"title":"ext4: fix null-ptr-deref in ext4_write_info","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2022-50344","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2026-01-14T18:20:39.263791Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-476","description":"CWE-476 NULL Pointer Dereference"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-14T18:22:58.181Z"}}]}}