CVE-2022-49708

Source: https://nvd.nist.gov/vuln/detail/CVE-2022-49708
Import Source: https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49708.json
JSON Data: https://api.test.osv.dev/v1/vulns/CVE-2022-49708
Published: 2025-02-26T07:01:46Z
Modified: 2025-02-26T19:03:57.238766Z
Summary: [none]
Details

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix bug_on ext4_mb_use_inode_pa

Hulk Robot reported a BUG_ON:

    kernel BUG at fs/ext4/mballoc.c:3211!
    [...]
    RIP: 0010:ext4_mb_mark_diskspace_used.cold+0x85/0x136f
    [...]
    Call Trace:
     ext4_mb_new_blocks+0x9df/0x5d30
     ext4_ext_map_blocks+0x1803/0x4d80
     ext4_map_blocks+0x3a4/0x1a10
     ext4_writepages+0x126d/0x2c30
     do_writepages+0x7f/0x1b0
     __filemap_fdatawrite_range+0x285/0x3b0
     file_write_and_wait_range+0xb1/0x140
     ext4_sync_file+0x1aa/0xca0
     vfs_fsync_range+0xfb/0x260
     do_fsync+0x48/0xa0

[...]

Above issue may happen as follows:

    do_fsync
     vfs_fsync_range
      ext4_sync_file
       file_write_and_wait_range
        __filemap_fdatawrite_range
         do_writepages
          ext4_writepages
           mpage_map_and_submit_extent
            mpage_map_one_extent
             ext4_map_blocks
              ext4_mb_new_blocks
               ext4_mb_normalize_request
                start + size <= ac->ac_o_ex.fe_logical
               ext4_mb_regular_allocator
                ext4_mb_simple_scan_group
                 ext4_mb_use_best_found
                  ext4_mb_new_preallocation
                   ext4_mb_new_inode_pa
                    ext4_mb_use_inode_pa
                     set ac->ac_b_ex.fe_len <= 0
               ext4_mb_mark_diskspace_used
                BUG_ON(ac->ac_b_ex.fe_len <= 0);

We can easily reproduce this problem with the following commands:

    fallocate -l100M disk
    mkfs.ext4 -b 1024 -g 256 disk
    mount disk /mnt
    fsstress -d /mnt -l 0 -n 1000 -p 1

The size must be smaller than or equal to EXT4_BLOCKS_PER_GROUP. Therefore, "start + size <= ac->ac_o_ex.fe_logical" may occur when the size is truncated. So start should be the start position of the group where ac_o_ex.fe_logical is located after alignment. In addition, when the value of fe_logical or EXT4_BLOCKS_PER_GROUP is very large, the value calculated by start_off is more accurate.

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events:
Introduced: 0 (Unknown introduced version / All previous versions are affected)
Fixed: 5.10.127-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events:
Introduced: 0 (Unknown introduced version / All previous versions are affected)
Fixed: 5.18.14-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events:
Introduced: 0 (Unknown introduced version / All previous versions are affected)
Fixed: 5.18.14-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}