-

CVE-2022-50845

EPSS 0.05%
Veröffentlicht 30.12.2025 12:11:02
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

ext4: fix inode leak in ext4_xattr_inode_create() on an error path

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix inode leak in ext4_xattr_inode_create() on an error path

There is issue as follows when do setxattr with inject fault:

[localhost]# fsck.ext4  -fn  /dev/sda
e2fsck 1.46.6-rc1 (12-Sep-2022)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Unattached zero-length inode 15.  Clear? no

Unattached inode 15
Connect to /lost+found? no

Pass 5: Checking group summary information

/dev/sda: ********** WARNING: Filesystem still has errors **********

/dev/sda: 15/655360 files (0.0% non-contiguous), 66755/2621440 blocks

This occurs in 'ext4_xattr_inode_create()'. If 'ext4_mark_inode_dirty()'
fails, dropping i_nlink of the inode is needed. Or will lead to inode leak.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

CNA 2 VulnDex Vulnerability Enrichment 11

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version bd3b963b273e247e13979f98812a6e4979b5c1e4

Version < 0f709e08caffb41bbc9b38b9a4c1bd0769794007

Status affected

Version bd3b963b273e247e13979f98812a6e4979b5c1e4

Version < eab94a46560f68d4bcd15222701ced479f84f427

Status affected

Version bd3b963b273e247e13979f98812a6e4979b5c1e4

Version < 9ef603086c5b796fde1c7f22a17d0fc826ba54cb

Status affected

Version bd3b963b273e247e13979f98812a6e4979b5c1e4

Version < 9882601ee689975c1c0076ee65bf222a2a35e535

Status affected

Version bd3b963b273e247e13979f98812a6e4979b5c1e4

Version < 322cf639b0b7f137543072c55545adab782b3a25

Status affected

Version bd3b963b273e247e13979f98812a6e4979b5c1e4

Version < fdaaf45786dc8c17a72901021772520fceb18f8c

Status affected

Version bd3b963b273e247e13979f98812a6e4979b5c1e4

Version < 70e5b46beba64706430a87a6d516054225e8ac8a

Status affected

Version bd3b963b273e247e13979f98812a6e4979b5c1e4

Version < e4db04f7d3dbbe16680e0ded27ea2a65b10f766a

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.13

Status affected

Version 0

Version < 4.13

Status unaffected

Version <= 4.14.*

Version 4.14.303

Status unaffected

Version <= 4.19.*

Version 4.19.270

Status unaffected

Version <= 5.4.*

Version 5.4.229

Status unaffected

Version <= 5.10.*

Version 5.10.163

Status unaffected

Version <= 5.15.*

Version 5.15.87

Status unaffected

Version <= 6.0.*

Version 6.0.18

Status unaffected

Version <= 6.1.*

Version 6.1.4

Status unaffected

Version <= *

Version 6.2

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.144

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/0f709e08caffb41bbc9b38b9a4c1bd0769794007

https://git.kernel.org/stable/c/eab94a46560f68d4bcd15222701ced479f84f427

https://git.kernel.org/stable/c/9ef603086c5b796fde1c7f22a17d0fc826ba54cb

https://git.kernel.org/stable/c/9882601ee689975c1c0076ee65bf222a2a35e535

https://git.kernel.org/stable/c/322cf639b0b7f137543072c55545adab782b3a25

https://git.kernel.org/stable/c/fdaaf45786dc8c17a72901021772520fceb18f8c

https://git.kernel.org/stable/c/70e5b46beba64706430a87a6d516054225e8ac8a

https://git.kernel.org/stable/c/e4db04f7d3dbbe16680e0ded27ea2a65b10f766a

https://nvd.nist.gov/vuln/detail/CVE-2022-50845

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50845

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50845

EUVD