CVE-2022-49347

Source: https://nvd.nist.gov/vuln/detail/CVE-2022-49347
Import Source: https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49347.json
JSON Data: https://api.test.osv.dev/v1/vulns/CVE-2022-49347
Published: 2025-02-26T07:01:11Z
Modified: 2025-02-26T19:03:02.057016Z
Summary: [none]
Details

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix bug_on in ext4_writepages

we got issue as follows:

EXT4-fs error (device loop0): ext4_mb_generate_buddy:1141: group 0, block bitmap and bg descriptor inconsistent: 25 vs 31513 free cls
------------[ cut here ]------------
kernel BUG at fs/ext4/inode.c:2708!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 2 PID: 2147 Comm: rep Not tainted 5.18.0-rc2-next-20220413+ #155
RIP: 0010:ext4_writepages+0x1977/0x1c10
RSP: 0018:ffff88811d3e7880 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffff88811c098000
RDX: 0000000000000000 RSI: ffff88811c098000 RDI: 0000000000000002
RBP: ffff888128140f50 R08: ffffffffb1ff6387 R09: 0000000000000000
R10: 0000000000000007 R11: ffffed10250281ea R12: 0000000000000001
R13: 00000000000000a4 R14: ffff88811d3e7bb8 R15: ffff888128141028
FS: 00007f443aed9740(0000) GS:ffff8883aef00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020007200 CR3: 000000011c2a4000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 do_writepages+0x130/0x3a0
 filemap_fdatawrite_wbc+0x83/0xa0
 filemap_flush+0xab/0xe0
 ext4_alloc_da_blocks+0x51/0x120
 __ext4_ioctl+0x1534/0x3210
 __x64_sys_ioctl+0x12c/0x170
 do_syscall_64+0x3b/0x90

It may happen as follows:

1. write inline_data inode
vfs_write
  new_sync_write
    ext4_file_write_iter
      ext4_buffered_write_iter
        generic_perform_write
          ext4_da_write_begin
            ext4_da_write_inline_data_begin -> If inline data size too small will allocate block to write, then mapping will has dirty page
              ext4_da_convert_inline_data_to_extent ->clear EXT4_STATE_MAY_INLINE_DATA

2. fallocate
do_vfs_ioctl
  ioctl_preallocate
    vfs_fallocate
      ext4_fallocate
        ext4_convert_inline_data
          ext4_convert_inline_data_nolock
            ext4_map_blocks -> fail will goto restore data
            ext4_restore_inline_data
              ext4_create_inline_data
              ext4_write_inline_data
                ext4_set_inode_state -> set inode EXT4_STATE_MAY_INLINE_DATA

3. writepages
__ext4_ioctl
  ext4_alloc_da_blocks
    filemap_flush
      filemap_fdatawrite_wbc
        do_writepages
          ext4_writepages
            if (ext4_has_inline_data(inode))
              BUG_ON(ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA))

The root cause of this issue is we destroy inline data until call ext4_writepages under delay allocation mode. But there maybe already convert from inline to extent. To solve this issue, we call filemap_flush first.

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events:
Introduced: 0 (Unknown introduced version / All previous versions are affected)
Fixed: 5.10.127-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events:
Introduced: 0 (Unknown introduced version / All previous versions are affected)
Fixed: 5.18.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events:
Introduced: 0 (Unknown introduced version / All previous versions are affected)
Fixed: 5.18.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}