{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50753","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-24T13:02:21.544Z","datePublished":"2025-12-24T13:05:47.559Z","dateUpdated":"2026-05-11T19:24:51.328Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:24:51.328Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on summary info\n\nAs Wenqing Liu reported in bugzilla:\n\nhttps://bugzilla.kernel.org/show_bug.cgi?id=216456\n\nBUG: KASAN: use-after-free in recover_data+0x63ae/0x6ae0 [f2fs]\nRead of size 4 at addr ffff8881464dcd80 by task mount/1013\n\nCPU: 3 PID: 1013 Comm: mount Tainted: G        W          6.0.0-rc4 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n dump_stack_lvl+0x45/0x5e\n print_report.cold+0xf3/0x68d\n kasan_report+0xa8/0x130\n recover_data+0x63ae/0x6ae0 [f2fs]\n f2fs_recover_fsync_data+0x120d/0x1fc0 [f2fs]\n f2fs_fill_super+0x4665/0x61e0 [f2fs]\n mount_bdev+0x2cf/0x3b0\n legacy_get_tree+0xed/0x1d0\n vfs_get_tree+0x81/0x2b0\n path_mount+0x47e/0x19d0\n do_mount+0xce/0xf0\n __x64_sys_mount+0x12c/0x1a0\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe root cause is: in fuzzed image, SSA table is corrupted: ofs_in_node\nis larger than ADDRS_PER_PAGE(), result in out-of-range access on 4k-size\npage.\n\n- recover_data\n - do_recover_data\n  - check_index_in_prev_nodes\n   - f2fs_data_blkaddr\n\nThis patch adds sanity check on summary info in recovery and GC flow\nin where the flows rely on them.\n\nAfter patch:\n[   29.310883] F2FS-fs (loop0): Inconsistent ofs_in_node:65286 in summary, ino:0, nid:6, max:1018"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/f2fs/gc.c","fs/f2fs/recovery.c"],"versions":[{"version":"b292dcab068e141d8a820b77cbcc88d98c610eb4","lessThan":"c99860f9a75079f339ed7670425b1ac58f26e2ff","status":"affected","versionType":"git"},{"version":"b292dcab068e141d8a820b77cbcc88d98c610eb4","lessThan":"4a8e8bf280703e04e0b9d91f101e1fdd9a5bd09e","status":"affected","versionType":"git"},{"version":"b292dcab068e141d8a820b77cbcc88d98c610eb4","lessThan":"73687c53919f49dff3852155621dab7a35c52854","status":"affected","versionType":"git"},{"version":"b292dcab068e141d8a820b77cbcc88d98c610eb4","lessThan":"e168f819bfa42459b14f479e55ebd550bcc78899","status":"affected","versionType":"git"},{"version":"b292dcab068e141d8a820b77cbcc88d98c610eb4","lessThan":"0922ad64ccefa3e483e84355942b86e13c8fea68","status":"affected","versionType":"git"},{"version":"b292dcab068e141d8a820b77cbcc88d98c610eb4","lessThan":"c6ad7fd16657ebd34a87a97d9588195aae87597d","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/f2fs/gc.c","fs/f2fs/recovery.c"],"versions":[{"version":"3.11","status":"affected"},{"version":"0","lessThan":"3.11","status":"unaffected","versionType":"semver"},{"version":"5.4.220","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.150","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.75","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.19.17","lessThanOrEqual":"5.19.*","status":"unaffected","versionType":"semver"},{"version":"6.0.3","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11","versionEndExcluding":"5.4.220"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11","versionEndExcluding":"5.10.150"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11","versionEndExcluding":"5.15.75"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11","versionEndExcluding":"5.19.17"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11","versionEndExcluding":"6.0.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11","versionEndExcluding":"6.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/c99860f9a75079f339ed7670425b1ac58f26e2ff"},{"url":"https://git.kernel.org/stable/c/4a8e8bf280703e04e0b9d91f101e1fdd9a5bd09e"},{"url":"https://git.kernel.org/stable/c/73687c53919f49dff3852155621dab7a35c52854"},{"url":"https://git.kernel.org/stable/c/e168f819bfa42459b14f479e55ebd550bcc78899"},{"url":"https://git.kernel.org/stable/c/0922ad64ccefa3e483e84355942b86e13c8fea68"},{"url":"https://git.kernel.org/stable/c/c6ad7fd16657ebd34a87a97d9588195aae87597d"}],"title":"f2fs: fix to do sanity check on summary info","x_generator":{"engine":"bippy-1.2.0"}}}}