
CVE-2022-50344

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix null-ptr-deref in ext4_write_info

I caught a null-ptr-deref bug as follows:
==================================================================
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
CPU: 1 PID: 1589 Comm: umount Not tainted 5.10.0-02219-dirty #339
RIP: 0010:ext4_write_info+0x53/0x1b0
[...]
Call Trace:
 dquot_writeback_dquots+0x341/0x9a0
 ext4_sync_fs+0x19e/0x800
 __sync_filesystem+0x83/0x100
 sync_filesystem+0x89/0xf0
 generic_shutdown_super+0x79/0x3e0
 kill_block_super+0xa1/0x110
 deactivate_locked_super+0xac/0x130
 deactivate_super+0xb6/0xd0
 cleanup_mnt+0x289/0x400
 __cleanup_mnt+0x16/0x20
 task_work_run+0x11c/0x1c0
 exit_to_user_mode_prepare+0x203/0x210
 syscall_exit_to_user_mode+0x5b/0x3a0
 do_syscall_64+0x59/0x70
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
==================================================================

The above issue may happen as follows:
-------------------------------------
exit_to_user_mode_prepare
 task_work_run
  __cleanup_mnt
   cleanup_mnt
    deactivate_super
     deactivate_locked_super
      kill_block_super
       generic_shutdown_super
        shrink_dcache_for_umount
         dentry = sb->s_root
         sb->s_root = NULL              <--- Here set NULL
        sync_filesystem
         __sync_filesystem
          sb->s_op->sync_fs > ext4_sync_fs
           dquot_writeback_dquots
            sb->dq_op->write_info > ext4_write_info
             ext4_journal_start(d_inode(sb->s_root), EXT4_HT_QUOTA, 2)
              d_inode(sb->s_root)
               s_root->d_inode          <--- Null pointer dereference

To solve this problem, we use ext4_journal_start_sb directly
to avoid s_root being used.

Linked by AI from unstructured data to existing NVD CPEs.
Data provided by the CVE Program via a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default status: unaffected

Affected from (git commit)                  Up to, excluding (git commit)               Status
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2    dc451578446afd03c0c21913993c08898a691435    affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2    f4b5ff0b794aa94afac7269c494550ca2f66511b    affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2    947264e00c46de19a016fd81218118c708fed2f3    affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2    3638aa1c7d87c0ca0aef23cf58cae2c48e7daca4    affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2    f34ab95162763cd7352f46df169296eec28b688d    affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2    533c60a0b97cee5daab376933f486207e6680fb7    affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2    4a657319cfabd6199fd0b7b65bbebf6ded7a11c1    affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2    bb420e8afc854d2a1caaa23a0c129839acfb7888    affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2    f9c1f248607d5546075d3f731e7607d5571f2b60    affected
Vendor: Linux
Product: Linux
Default status: affected

From version    Through    Status
4.9.331         4.9.*      unaffected
4.14.296        4.14.*     unaffected
4.19.262        4.19.*     unaffected
5.4.220         5.4.*      unaffected
5.10.150        5.10.*     unaffected
5.15.75         5.15.*     unaffected
5.19.17         5.19.*     unaffected
6.0.3           6.0.*      unaffected
6.1             *          unaffected
No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS metrics
Type    Source      Score    Percentile
EPSS    FIRST.org   0.04%    0.126

CVSS metrics
Source    Base Score    Exploit Score    Impact Score    Vector String