CVE-2022-50379
- EPSS 0.03%
- Published 18.09.2025 13:33:01
- Last modified 19.09.2025 16:00:46
- Source 416baaa9-dc9f-4396-8d5f-8c081f
In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix race between quota enable and quota rescan ioctl

When enabling quotas, at btrfs_quota_enable(), after committing the transaction, we change fs_info->quota_root to point to the quota root we created and set BTRFS_FS_QUOTA_ENABLED at fs_info->flags. Then we try to start the qgroup rescan worker, first by initializing it with a call to qgroup_rescan_init() - however if that fails we end up freeing the quota root but we leave fs_info->quota_root still pointing to it, this can later result in a use-after-free somewhere else.

We have previously set the flags BTRFS_FS_QUOTA_ENABLED and BTRFS_QGROUP_STATUS_FLAG_ON, so we can only fail with -EINPROGRESS at btrfs_quota_enable(), which is possible if someone already called the quota rescan ioctl, and therefore started the rescan worker.

So fix this by ignoring an -EINPROGRESS and asserting we can't get any other error.
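The failure path in the description above, as a simplified user-space model added here; it is not the kernel's code or the actual patch. The struct and function names are hypothetical stand-ins, and "freeing" is modelled with a flag so nothing is ever read after a real free.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model; all names are hypothetical stand-ins. */
struct root { int refs; bool freed; };
struct fs_info {
    struct root *quota_root;  /* models fs_info->quota_root */
    bool rescan_running;      /* rescan worker already started */
};

/* Dropping the last reference "frees" the root (flag only, no real free). */
static void put_root(struct root *r) { if (--r->refs == 0) r->freed = true; }

/* Models qgroup_rescan_init(): refuses to start a second rescan. */
static int rescan_init(struct fs_info *fs)
{
    if (fs->rescan_running)
        return -EINPROGRESS;
    fs->rescan_running = true;
    return 0;
}

/* Models the tail of btrfs_quota_enable() after the transaction commit.
 * racing_ioctl: a rescan ioctl starts the worker first; fixed: ignore -EINPROGRESS. */
static int quota_enable(struct fs_info *fs, struct root *r, bool racing_ioctl, bool fixed)
{
    *r = (struct root){ .refs = 1 };
    fs->quota_root = r;        /* pointer published (quota-enabled flag set here too) */
    if (racing_ioctl)
        rescan_init(fs);       /* other task wins the window */
    int ret = rescan_init(fs);
    if (fixed && ret == -EINPROGRESS)
        ret = 0;               /* worker already running: not an error */
    if (ret)
        put_root(r);           /* error path frees; quota_root is not reset */
    return ret;
}

/* True when fs->quota_root still points at a root that was freed. */
static bool quota_root_dangling(const struct fs_info *fs) { return fs->quota_root && fs->quota_root->freed; }

int main(void)
{
    struct root r; struct fs_info fs = {0};
    int ret = quota_enable(&fs, &r, true, false);
    printf("unfixed, racing ioctl: ret=%d dangling=%d\n", ret, quota_root_dangling(&fs));
    return 0;
}
```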
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default Status: unaffected

Version < | Version | Status |
---|---|---|
c97f6d528c3f1c83a6b792a8a7928c236c80b8fe | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
26b7c0ac49a3eea15559c9d84863736a6d1164b4 | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
47b5ffe86332af95f0f52be0a63d4da7c2b37b55 | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
4b996a3014ef014af8f97b60c35f5289210a4720 | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
0efd9dfc00d677a1d0929319a6103cb2dfc41c22 | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
6c22f86dd221eba0c7af645b1af73dcbc04ee27b | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
331cd9461412e103d07595a10289de90004ac890 | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
Vendor: Linux
Product: Linux
Default Status: affected

Version <= | Version | Status |
---|---|---|
4.19.* | 4.19.262 | unaffected |
5.4.* | 5.4.220 | unaffected |
5.10.* | 5.10.150 | unaffected |
5.15.* | 5.15.75 | unaffected |
5.19.* | 5.19.17 | unaffected |
6.0.* | 6.0.3 | unaffected |
* | 6.1 | unaffected |
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.03% | 0.078 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|