In the Linux kernel, the following vulnerability has been resolved:
gfs2: Always check inode size of inline inodes
Check if the inode size of stuffed (inline) inodes is within the allowed range when reading inodes from disk (gfs2dinodein()). This prevents us from on-disk corruption.
The two checks in stuffedreadpage() and gfs2unstuffer_page() that just truncate inline data to the maximum allowed size don't actually make sense, and they can be removed now as well.
[
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@46c9088cabd4d0469fdb61ac2a9c5003057fe94d",
"deprecated": false,
"digest": {
"line_hashes": [
"249122232144619588775345555719924829748",
"124731376586809029293348923232960229243",
"217995189387011881420605209223720976260",
"152222110946698530549791288997723827958",
"96092304969312085299519192859323721180"
],
"threshold": 0.9
},
"id": "CVE-2022-49739-01ba982e",
"signature_version": "v1",
"target": {
"file": "fs/gfs2/bmap.c"
}
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@70376c7ff31221f1d21db5611d8209e677781d3a",
"deprecated": false,
"digest": {
"line_hashes": [
"248438618760497057348605046801297031855",
"78424512661461743737002192115712987696",
"264826086561098505273028660104513728111"
],
"threshold": 0.9
},
"id": "CVE-2022-49739-0218809c",
"signature_version": "v1",
"target": {
"file": "fs/gfs2/glops.c"
}
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@45df749f827c286adbc951f2a4865b67f0442ba9",
"deprecated": false,
"digest": {
"function_hash": "200622412059207154962641388874502774430",
"length": 2085.0
},
"id": "CVE-2022-49739-140d83dc",
"signature_version": "v1",
"target": {
"function": "gfs2_dinode_in",
"file": "fs/gfs2/glops.c"
}
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d458a0984429c2d47e60254f5bc4119cbafe83a2",
"deprecated": false,
"digest": {
"function_hash": "172995463689269966612956230528579770987",
"length": 2008.0
},
"id": "CVE-2022-49739-15617ebd",
"signature_version": "v1",
"target": {
"function": "gfs2_dinode_in",
"file": "fs/gfs2/glops.c"
}
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@45df749f827c286adbc951f2a4865b67f0442ba9",
"deprecated": false,
"digest": {
"function_hash": "164570473908427231102784623992284357249",
"length": 589.0
},
"id": "CVE-2022-49739-25988c8a",
"signature_version": "v1",
"target": {
"function": "stuffed_readpage",
"file": "fs/gfs2/aops.c"
}
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@46c9088cabd4d0469fdb61ac2a9c5003057fe94d",
"deprecated": false,
"digest": {
"line_hashes": [
"248438618760497057348605046801297031855",
"78424512661461743737002192115712987696",
"264826086561098505273028660104513728111"
],
"threshold": 0.9
},
"id": "CVE-2022-49739-2f235f9f",
"signature_version": "v1",
"target": {
"file": "fs/gfs2/glops.c"
}
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4d4cb76636134bf9a0c9c3432dae936f99954586",
"deprecated": false,
"digest": {
"function_hash": "305261699260289221873767917929654890363",
"length": 996.0
},
"id": "CVE-2022-49739-378310d2",
"signature_version": "v1",
"target": {
"function": "gfs2_unstuffer_page",
"file": "fs/gfs2/bmap.c"
}
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4d4cb76636134bf9a0c9c3432dae936f99954586",
"deprecated": false,
"digest": {
"line_hashes": [
"99937971126275935110041118373557133386",
"143157390962296026748349672830696391302",
"219410780040907472526363357765760232264"
],
"threshold": 0.9
},
"id": "CVE-2022-49739-3f203654",
"signature_version": "v1",
"target": {
"file": "fs/gfs2/glops.c"
}
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7c414f6f06e9a3934901b6edc3177ae5a1e07094",
"deprecated": false,
"digest": {
"line_hashes": [
"221053181202543078825082852061331226869",
"134283612357477100253748447041537845019",
"100508699619809290568985700004145234213",
"152222110946698530549791288997723827958",
"146094350008227931336454550798693143749"
],
"threshold": 0.9
},
"id": "CVE-2022-49739-48517234",
"signature_version": "v1",
"target": {
"file": "fs/gfs2/aops.c"
}
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@70376c7ff31221f1d21db5611d8209e677781d3a",
"deprecated": false,
"digest": {
"line_hashes": [
"221053181202543078825082852061331226869",
"134283612357477100253748447041537845019",
"100508699619809290568985700004145234213",
"152222110946698530549791288997723827958",
"146094350008227931336454550798693143749"
],
"threshold": 0.9
},
"id": "CVE-2022-49739-57f2dab8",
"signature_version": "v1",
"target": {
"file": "fs/gfs2/aops.c"
}
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@70376c7ff31221f1d21db5611d8209e677781d3a",
"deprecated": false,
"digest": {
"function_hash": "23223242489000556993371975453157272998",
"length": 794.0
},
"id": "CVE-2022-49739-59076d54",
"signature_version": "v1",
"target": {
"function": "gfs2_unstuffer_page",
"file": "fs/gfs2/bmap.c"
}
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7c414f6f06e9a3934901b6edc3177ae5a1e07094",
"deprecated": false,
"digest": {
"function_hash": "329003482783203201450908145243244925391",
"length": 1002.0
},
"id": "CVE-2022-49739-6b9f8c23",
"signature_version": "v1",
"target": {
"function": "gfs2_unstuffer_page",
"file": "fs/gfs2/bmap.c"
}
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d458a0984429c2d47e60254f5bc4119cbafe83a2",
"deprecated": false,
"digest": {
"line_hashes": [
"248438618760497057348605046801297031855",
"78424512661461743737002192115712987696",
"264826086561098505273028660104513728111"
],
"threshold": 0.9
},
"id": "CVE-2022-49739-6fc631ba",
"signature_version": "v1",
"target": {
"file": "fs/gfs2/glops.c"
}
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@46c9088cabd4d0469fdb61ac2a9c5003057fe94d",
"deprecated": false,
"digest": {
"function_hash": "172995463689269966612956230528579770987",
"length": 2008.0
},
"id": "CVE-2022-49739-7045b925",
"signature_version": "v1",
"target": {
"function": "gfs2_dinode_in",
"file": "fs/gfs2/glops.c"
}
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@70376c7ff31221f1d21db5611d8209e677781d3a",
"deprecated": false,
"digest": {
"function_hash": "142604662389494264597372549358334014250",
"length": 596.0
},
"id": "CVE-2022-49739-7166b13c",
"signature_version": "v1",
"target": {
"function": "stuffed_readpage",
"file": "fs/gfs2/aops.c"
}
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7c414f6f06e9a3934901b6edc3177ae5a1e07094",
"deprecated": false,
"digest": {
"line_hashes": [
"249122232144619588775345555719924829748",
"124731376586809029293348923232960229243",
"217995189387011881420605209223720976260",
"152222110946698530549791288997723827958",
"96092304969312085299519192859323721180"
],
"threshold": 0.9
},
"id": "CVE-2022-49739-760a69f6",
"signature_version": "v1",
"target": {
"file": "fs/gfs2/bmap.c"
}
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@46c9088cabd4d0469fdb61ac2a9c5003057fe94d",
"deprecated": false,
"digest": {
"line_hashes": [
"221053181202543078825082852061331226869",
"134283612357477100253748447041537845019",
"100508699619809290568985700004145234213",
"152222110946698530549791288997723827958",
"146094350008227931336454550798693143749"
],
"threshold": 0.9
},
"id": "CVE-2022-49739-76f6fc2e",
"signature_version": "v1",
"target": {
"file": "fs/gfs2/aops.c"
}
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7c414f6f06e9a3934901b6edc3177ae5a1e07094",
"deprecated": false,
"digest": {
"function_hash": "142604662389494264597372549358334014250",
"length": 596.0
},
"id": "CVE-2022-49739-7abf1ce5",
"signature_version": "v1",
"target": {
"function": "stuffed_readpage",
"file": "fs/gfs2/aops.c"
}
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@45df749f827c286adbc951f2a4865b67f0442ba9",
"deprecated": false,
"digest": {
"line_hashes": [
"99937971126275935110041118373557133386",
"143157390962296026748349672830696391302",
"219410780040907472526363357765760232264"
],
"threshold": 0.9
},
"id": "CVE-2022-49739-7f13c885",
"signature_version": "v1",
"target": {
"file": "fs/gfs2/glops.c"
}
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@46c9088cabd4d0469fdb61ac2a9c5003057fe94d",
"deprecated": false,
"digest": {
"function_hash": "142604662389494264597372549358334014250",
"length": 596.0
},
"id": "CVE-2022-49739-86adb9bd",
"signature_version": "v1",
"target": {
"function": "stuffed_readpage",
"file": "fs/gfs2/aops.c"
}
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4d4cb76636134bf9a0c9c3432dae936f99954586",
"deprecated": false,
"digest": {
"function_hash": "200622412059207154962641388874502774430",
"length": 2085.0
},
"id": "CVE-2022-49739-9e67ca41",
"signature_version": "v1",
"target": {
"function": "gfs2_dinode_in",
"file": "fs/gfs2/glops.c"
}
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4d4cb76636134bf9a0c9c3432dae936f99954586",
"deprecated": false,
"digest": {
"function_hash": "142604662389494264597372549358334014250",
"length": 596.0
},
"id": "CVE-2022-49739-a0350938",
"signature_version": "v1",
"target": {
"function": "stuffed_readpage",
"file": "fs/gfs2/aops.c"
}
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7c414f6f06e9a3934901b6edc3177ae5a1e07094",
"deprecated": false,
"digest": {
"line_hashes": [
"99937971126275935110041118373557133386",
"143157390962296026748349672830696391302",
"219410780040907472526363357765760232264"
],
"threshold": 0.9
},
"id": "CVE-2022-49739-a29b47db",
"signature_version": "v1",
"target": {
"file": "fs/gfs2/glops.c"
}
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d458a0984429c2d47e60254f5bc4119cbafe83a2",
"deprecated": false,
"digest": {
"function_hash": "142604662389494264597372549358334014250",
"length": 596.0
},
"id": "CVE-2022-49739-a2ad30f2",
"signature_version": "v1",
"target": {
"function": "stuffed_readpage",
"file": "fs/gfs2/aops.c"
}
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@45df749f827c286adbc951f2a4865b67f0442ba9",
"deprecated": false,
"digest": {
"line_hashes": [
"221053181202543078825082852061331226869",
"134283612357477100253748447041537845019",
"100508699619809290568985700004145234213",
"152222110946698530549791288997723827958",
"146094350008227931336454550798693143749"
],
"threshold": 0.9
},
"id": "CVE-2022-49739-a5507c59",
"signature_version": "v1",
"target": {
"file": "fs/gfs2/aops.c"
}
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4d4cb76636134bf9a0c9c3432dae936f99954586",
"deprecated": false,
"digest": {
"line_hashes": [
"221053181202543078825082852061331226869",
"134283612357477100253748447041537845019",
"100508699619809290568985700004145234213",
"152222110946698530549791288997723827958",
"146094350008227931336454550798693143749"
],
"threshold": 0.9
},
"id": "CVE-2022-49739-b015837f",
"signature_version": "v1",
"target": {
"file": "fs/gfs2/aops.c"
}
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7c414f6f06e9a3934901b6edc3177ae5a1e07094",
"deprecated": false,
"digest": {
"function_hash": "113149152516871711879121551661256965881",
"length": 2083.0
},
"id": "CVE-2022-49739-c270d62c",
"signature_version": "v1",
"target": {
"function": "gfs2_dinode_in",
"file": "fs/gfs2/glops.c"
}
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@45df749f827c286adbc951f2a4865b67f0442ba9",
"deprecated": false,
"digest": {
"line_hashes": [
"249122232144619588775345555719924829748",
"124731376586809029293348923232960229243",
"217995189387011881420605209223720976260",
"152222110946698530549791288997723827958",
"96092304969312085299519192859323721180"
],
"threshold": 0.9
},
"id": "CVE-2022-49739-c9edf571",
"signature_version": "v1",
"target": {
"file": "fs/gfs2/bmap.c"
}
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4d4cb76636134bf9a0c9c3432dae936f99954586",
"deprecated": false,
"digest": {
"line_hashes": [
"249122232144619588775345555719924829748",
"124731376586809029293348923232960229243",
"217995189387011881420605209223720976260",
"152222110946698530549791288997723827958",
"96092304969312085299519192859323721180"
],
"threshold": 0.9
},
"id": "CVE-2022-49739-d12280a5",
"signature_version": "v1",
"target": {
"file": "fs/gfs2/bmap.c"
}
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d458a0984429c2d47e60254f5bc4119cbafe83a2",
"deprecated": false,
"digest": {
"line_hashes": [
"221053181202543078825082852061331226869",
"134283612357477100253748447041537845019",
"100508699619809290568985700004145234213",
"152222110946698530549791288997723827958",
"146094350008227931336454550798693143749"
],
"threshold": 0.9
},
"id": "CVE-2022-49739-dd917cb7",
"signature_version": "v1",
"target": {
"file": "fs/gfs2/aops.c"
}
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@70376c7ff31221f1d21db5611d8209e677781d3a",
"deprecated": false,
"digest": {
"line_hashes": [
"249122232144619588775345555719924829748",
"124731376586809029293348923232960229243",
"217995189387011881420605209223720976260",
"152222110946698530549791288997723827958",
"96092304969312085299519192859323721180"
],
"threshold": 0.9
},
"id": "CVE-2022-49739-de80475f",
"signature_version": "v1",
"target": {
"file": "fs/gfs2/bmap.c"
}
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@70376c7ff31221f1d21db5611d8209e677781d3a",
"deprecated": false,
"digest": {
"function_hash": "172995463689269966612956230528579770987",
"length": 2008.0
},
"id": "CVE-2022-49739-e3a8aa9f",
"signature_version": "v1",
"target": {
"function": "gfs2_dinode_in",
"file": "fs/gfs2/glops.c"
}
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d458a0984429c2d47e60254f5bc4119cbafe83a2",
"deprecated": false,
"digest": {
"function_hash": "23223242489000556993371975453157272998",
"length": 794.0
},
"id": "CVE-2022-49739-e5633fbe",
"signature_version": "v1",
"target": {
"function": "gfs2_unstuffer_page",
"file": "fs/gfs2/bmap.c"
}
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@46c9088cabd4d0469fdb61ac2a9c5003057fe94d",
"deprecated": false,
"digest": {
"function_hash": "23223242489000556993371975453157272998",
"length": 794.0
},
"id": "CVE-2022-49739-efcfb3c5",
"signature_version": "v1",
"target": {
"function": "gfs2_unstuffer_page",
"file": "fs/gfs2/bmap.c"
}
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d458a0984429c2d47e60254f5bc4119cbafe83a2",
"deprecated": false,
"digest": {
"line_hashes": [
"249122232144619588775345555719924829748",
"124731376586809029293348923232960229243",
"217995189387011881420605209223720976260",
"152222110946698530549791288997723827958",
"96092304969312085299519192859323721180"
],
"threshold": 0.9
},
"id": "CVE-2022-49739-f048a99b",
"signature_version": "v1",
"target": {
"file": "fs/gfs2/bmap.c"
}
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@45df749f827c286adbc951f2a4865b67f0442ba9",
"deprecated": false,
"digest": {
"function_hash": "305261699260289221873767917929654890363",
"length": 996.0
},
"id": "CVE-2022-49739-faba9707",
"signature_version": "v1",
"target": {
"function": "gfs2_unstuffer_page",
"file": "fs/gfs2/bmap.c"
}
}
]