-

CVE-2022-50379

EPSS 0.03%
Veröffentlicht 18.09.2025 13:33:01
Zuletzt bearbeitet 19.09.2025 16:00:46
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix race between quota enable and quota rescan ioctl

When enabling quotas, at btrfs_quota_enable(), after committing the
transaction, we change fs_info->quota_root to point to the quota root we
created and set BTRFS_FS_QUOTA_ENABLED at fs_info->flags. Then we try
to start the qgroup rescan worker, first by initializing it with a call
to qgroup_rescan_init() - however if that fails we end up freeing the
quota root but we leave fs_info->quota_root still pointing to it, this
can later result in a use-after-free somewhere else.

We have previously set the flags BTRFS_FS_QUOTA_ENABLED and
BTRFS_QGROUP_STATUS_FLAG_ON, so we can only fail with -EINPROGRESS at
btrfs_quota_enable(), which is possible if someone already called the
quota rescan ioctl, and therefore started the rescan worker.

So fix this by ignoring an -EINPROGRESS and asserting we can't get any
other error.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < c97f6d528c3f1c83a6b792a8a7928c236c80b8fe

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 26b7c0ac49a3eea15559c9d84863736a6d1164b4

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 47b5ffe86332af95f0f52be0a63d4da7c2b37b55

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 4b996a3014ef014af8f97b60c35f5289210a4720

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 0efd9dfc00d677a1d0929319a6103cb2dfc41c22

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 6c22f86dd221eba0c7af645b1af73dcbc04ee27b

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 331cd9461412e103d07595a10289de90004ac890

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version <= 4.19.*

Version 4.19.262

Status unaffected

Version <= 5.4.*

Version 5.4.220

Status unaffected

Version <= 5.10.*

Version 5.10.150

Status unaffected

Version <= 5.15.*

Version 5.15.75

Status unaffected

Version <= 5.19.*

Version 5.19.17

Status unaffected

Version <= 6.0.*

Version 6.0.3

Status unaffected

Version <= *

Version 6.1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.078

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/c97f6d528c3f1c83a6b792a8a7928c236c80b8fe

https://git.kernel.org/stable/c/26b7c0ac49a3eea15559c9d84863736a6d1164b4

https://git.kernel.org/stable/c/47b5ffe86332af95f0f52be0a63d4da7c2b37b55

https://git.kernel.org/stable/c/4b996a3014ef014af8f97b60c35f5289210a4720

https://git.kernel.org/stable/c/0efd9dfc00d677a1d0929319a6103cb2dfc41c22

https://git.kernel.org/stable/c/6c22f86dd221eba0c7af645b1af73dcbc04ee27b

https://git.kernel.org/stable/c/331cd9461412e103d07595a10289de90004ac890

https://nvd.nist.gov/vuln/detail/CVE-2022-50379

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50379

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50379

EUVD