-
CVE-2022-50344
- EPSS 0.04%
- Published 16.09.2025 16:11:23
- Last modified 17.09.2025 14:18:55
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- Teams watchlist Login
- Open Login
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix null-ptr-deref in ext4_write_info
I caught a null-ptr-deref bug as follows:
==================================================================
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
CPU: 1 PID: 1589 Comm: umount Not tainted 5.10.0-02219-dirty #339
RIP: 0010:ext4_write_info+0x53/0x1b0
[...]
Call Trace:
dquot_writeback_dquots+0x341/0x9a0
ext4_sync_fs+0x19e/0x800
__sync_filesystem+0x83/0x100
sync_filesystem+0x89/0xf0
generic_shutdown_super+0x79/0x3e0
kill_block_super+0xa1/0x110
deactivate_locked_super+0xac/0x130
deactivate_super+0xb6/0xd0
cleanup_mnt+0x289/0x400
__cleanup_mnt+0x16/0x20
task_work_run+0x11c/0x1c0
exit_to_user_mode_prepare+0x203/0x210
syscall_exit_to_user_mode+0x5b/0x3a0
do_syscall_64+0x59/0x70
entry_SYSCALL_64_after_hwframe+0x44/0xa9
==================================================================
Above issue may happen as follows:
-------------------------------------
exit_to_user_mode_prepare
task_work_run
__cleanup_mnt
cleanup_mnt
deactivate_super
deactivate_locked_super
kill_block_super
generic_shutdown_super
shrink_dcache_for_umount
dentry = sb->s_root
sb->s_root = NULL <--- Here set NULL
sync_filesystem
__sync_filesystem
sb->s_op->sync_fs > ext4_sync_fs
dquot_writeback_dquots
sb->dq_op->write_info > ext4_write_info
ext4_journal_start(d_inode(sb->s_root), EXT4_HT_QUOTA, 2)
d_inode(sb->s_root)
s_root->d_inode <--- Null pointer dereference
To solve this problem, we use ext4_journal_start_sb directly
to avoid s_root being used.Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorLinux
≫
Product
Linux
Default Statusunaffected
Version <
dc451578446afd03c0c21913993c08898a691435
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
f4b5ff0b794aa94afac7269c494550ca2f66511b
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
947264e00c46de19a016fd81218118c708fed2f3
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
3638aa1c7d87c0ca0aef23cf58cae2c48e7daca4
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
f34ab95162763cd7352f46df169296eec28b688d
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
533c60a0b97cee5daab376933f486207e6680fb7
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
4a657319cfabd6199fd0b7b65bbebf6ded7a11c1
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
bb420e8afc854d2a1caaa23a0c129839acfb7888
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
f9c1f248607d5546075d3f731e7607d5571f2b60
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
VendorLinux
≫
Product
Linux
Default Statusaffected
Version <=
4.9.*
Version
4.9.331
Status
unaffected
Version <=
4.14.*
Version
4.14.296
Status
unaffected
Version <=
4.19.*
Version
4.19.262
Status
unaffected
Version <=
5.4.*
Version
5.4.220
Status
unaffected
Version <=
5.10.*
Version
5.10.150
Status
unaffected
Version <=
5.15.*
Version
5.15.75
Status
unaffected
Version <=
5.19.*
Version
5.19.17
Status
unaffected
Version <=
6.0.*
Version
6.0.3
Status
unaffected
Version <=
*
Version
6.1
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.126 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|