-

CVE-2022-50845

EPSS 0.04%
Veröffentlicht 30.12.2025 12:11:02
Zuletzt bearbeitet 31.12.2025 20:43:05
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix inode leak in ext4_xattr_inode_create() on an error path

There is issue as follows when do setxattr with inject fault:

[localhost]# fsck.ext4  -fn  /dev/sda
e2fsck 1.46.6-rc1 (12-Sep-2022)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Unattached zero-length inode 15.  Clear? no

Unattached inode 15
Connect to /lost+found? no

Pass 5: Checking group summary information

/dev/sda: ********** WARNING: Filesystem still has errors **********

/dev/sda: 15/655360 files (0.0% non-contiguous), 66755/2621440 blocks

This occurs in 'ext4_xattr_inode_create()'. If 'ext4_mark_inode_dirty()'
fails, dropping i_nlink of the inode is needed. Or will lead to inode leak.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 0f709e08caffb41bbc9b38b9a4c1bd0769794007

Version bd3b963b273e247e13979f98812a6e4979b5c1e4

Status affected

Version < eab94a46560f68d4bcd15222701ced479f84f427

Version bd3b963b273e247e13979f98812a6e4979b5c1e4

Status affected

Version < 9ef603086c5b796fde1c7f22a17d0fc826ba54cb

Version bd3b963b273e247e13979f98812a6e4979b5c1e4

Status affected

Version < 9882601ee689975c1c0076ee65bf222a2a35e535

Version bd3b963b273e247e13979f98812a6e4979b5c1e4

Status affected

Version < 322cf639b0b7f137543072c55545adab782b3a25

Version bd3b963b273e247e13979f98812a6e4979b5c1e4

Status affected

Version < fdaaf45786dc8c17a72901021772520fceb18f8c

Version bd3b963b273e247e13979f98812a6e4979b5c1e4

Status affected

Version < 70e5b46beba64706430a87a6d516054225e8ac8a

Version bd3b963b273e247e13979f98812a6e4979b5c1e4

Status affected

Version < e4db04f7d3dbbe16680e0ded27ea2a65b10f766a

Version bd3b963b273e247e13979f98812a6e4979b5c1e4

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.13

Status affected

Version < 4.13

Version 0

Status unaffected

Version <= 4.14.*

Version 4.14.303

Status unaffected

Version <= 4.19.*

Version 4.19.270

Status unaffected

Version <= 5.4.*

Version 5.4.229

Status unaffected

Version <= 5.10.*

Version 5.10.163

Status unaffected

Version <= 5.15.*

Version 5.15.87

Status unaffected

Version <= 6.0.*

Version 6.0.18

Status unaffected

Version <= 6.1.*

Version 6.1.4

Status unaffected

Version <= *

Version 6.2

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.099

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/0f709e08caffb41bbc9b38b9a4c1bd0769794007

https://git.kernel.org/stable/c/eab94a46560f68d4bcd15222701ced479f84f427

https://git.kernel.org/stable/c/9ef603086c5b796fde1c7f22a17d0fc826ba54cb

https://git.kernel.org/stable/c/9882601ee689975c1c0076ee65bf222a2a35e535

https://git.kernel.org/stable/c/322cf639b0b7f137543072c55545adab782b3a25

https://git.kernel.org/stable/c/fdaaf45786dc8c17a72901021772520fceb18f8c

https://git.kernel.org/stable/c/70e5b46beba64706430a87a6d516054225e8ac8a

https://git.kernel.org/stable/c/e4db04f7d3dbbe16680e0ded27ea2a65b10f766a

https://nvd.nist.gov/vuln/detail/CVE-2022-50845

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50845

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50845

EUVD