CVE-2022-48635

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-48635

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48635.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-48635

Downstream

DEBIAN-CVE-2022-48635

UBUNTU-CVE-2022-48635

Published

2024-04-28T12:59:24Z

Modified

2025-10-15T15:20:41.125316Z

Severity

6.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

fsdax: Fix infinite loop in dax_iomap_rw()

Details

In the Linux kernel, the following vulnerability has been resolved:

fsdax: Fix infinite loop in daxiomaprw()

I got an infinite loop and a WARNING report when executing a tail command in virtiofs.

WARNING: CPU: 10 PID: 964 at fs/iomap/iter.c:34 iomapiter+0x3a2/0x3d0 Modules linked in: CPU: 10 PID: 964 Comm: tail Not tainted 5.19.0-rc7 Call Trace: <TASK> daxiomaprw+0xea/0x620 ? _thiscpupreemptcheck+0x13/0x20 fusedaxreaditer+0x47/0x80 fusefilereaditer+0xae/0xd0 newsyncread+0xfe/0x180 ? 0xffffffff81000000 vfsread+0x14d/0x1a0 ksysread+0x6d/0xf0 _x64sysread+0x1a/0x20 dosyscall64+0x3b/0x90 entrySYSCALL64afterhwframe+0x63/0xcd

The tail command will call read() with a count of 0. In this case, iomapiter() will report this WARNING, and always return 1 which casuing the infinite loop in daxiomap_rw().

Fixing by checking count whether is 0 in daxiomaprw().

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

ca289e0b95afa973d204c77a4ad5c37e06145fbf

Fixed

929ef155e1da41c06f4d8ca86ae12b851a83a744

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

ca289e0b95afa973d204c77a4ad5c37e06145fbf

Fixed

60644dffac87b1bb47bdb393aa29d5f2ffcf41a0

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

ca289e0b95afa973d204c77a4ad5c37e06145fbf

Fixed

17d9c15c9b9e7fb285f7ac5367dfb5f00ff575e3

Affected versions

v5.*

v5.14

v5.14-rc5

v5.14-rc6

v5.14-rc7

v5.15

v5.15-rc1

v5.15-rc2

v5.15-rc3

v5.15-rc4

v5.15-rc5

v5.15-rc6

v5.15-rc7

v5.15.1

v5.15.10

v5.15.11

v5.15.12

v5.15.13

v5.15.14

v5.15.15

v5.15.16

v5.15.17

v5.15.18

v5.15.19

v5.15.2

v5.15.20

v5.15.21

v5.15.22

v5.15.23

v5.15.24

v5.15.25

v5.15.26

v5.15.27

v5.15.28

v5.15.29

v5.15.3

v5.15.30

v5.15.31

v5.15.32

v5.15.33

v5.15.34

v5.15.35

v5.15.36

v5.15.37

v5.15.38

v5.15.39

v5.15.4

v5.15.40

v5.15.41

v5.15.42

v5.15.43

v5.15.44

v5.15.45

v5.15.46

v5.15.47

v5.15.48

v5.15.49

v5.15.5

v5.15.50

v5.15.51

v5.15.52

v5.15.53

v5.15.54

v5.15.55

v5.15.56

v5.15.57

v5.15.58

v5.15.59

v5.15.6

v5.15.60

v5.15.61

v5.15.62

v5.15.63

v5.15.64

v5.15.65

v5.15.66

v5.15.67

v5.15.68

v5.15.69

v5.15.7

v5.15.70

v5.15.8

v5.15.9

v5.16

v5.16-rc1

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.18

v5.18-rc1

v5.18-rc2

v5.18-rc3

v5.18-rc4

v5.18-rc5

v5.18-rc6

v5.18-rc7

v5.19

v5.19-rc1

v5.19-rc2

v5.19-rc3

v5.19-rc4

v5.19-rc5

v5.19-rc6

v5.19-rc7

v5.19-rc8

v5.19.1

v5.19.10

v5.19.11

v5.19.2

v5.19.3

v5.19.4

v5.19.5

v5.19.6

v5.19.7

v5.19.8

v5.19.9

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 662.0,
            "function_hash": "82363617718878527804138322566284111625"
        },
        "id": "CVE-2022-48635-2bf5c278",
        "signature_type": "Function",
        "target": {
            "file": "fs/dax.c",
            "function": "dax_iomap_rw"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@17d9c15c9b9e7fb285f7ac5367dfb5f00ff575e3"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 662.0,
            "function_hash": "82363617718878527804138322566284111625"
        },
        "id": "CVE-2022-48635-445a5e93",
        "signature_type": "Function",
        "target": {
            "file": "fs/dax.c",
            "function": "dax_iomap_rw"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@60644dffac87b1bb47bdb393aa29d5f2ffcf41a0"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "206276453984365871074242193410811883253",
                "289250276376751320576241632979159914378",
                "94857421077250562658921107379871075166"
            ]
        },
        "id": "CVE-2022-48635-6c4da7ee",
        "signature_type": "Line",
        "target": {
            "file": "fs/dax.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@17d9c15c9b9e7fb285f7ac5367dfb5f00ff575e3"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "206276453984365871074242193410811883253",
                "289250276376751320576241632979159914378",
                "94857421077250562658921107379871075166"
            ]
        },
        "id": "CVE-2022-48635-c459320a",
        "signature_type": "Line",
        "target": {
            "file": "fs/dax.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@60644dffac87b1bb47bdb393aa29d5f2ffcf41a0"
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.15.0

Fixed

5.15.71

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

5.19.12