CVE-2022-49879

The reclen field in the directory entry has to be a multiple of 4. A corrupted filesystem image can be used to hit a BUG() in ext4reclentodisk(), called from makeindexed_dir().

------------[ cut here ]------------ kernel BUG at fs/ext4/ext4.h:2413! ... RIP: 0010:makeindexeddir+0x53f/0x5f0 ... Call Trace: <TASK> ? adddirenttobuf+0x1b2/0x200 ext4addentry+0x36e/0x480 ext4addnondir+0x2b/0xc0 ext4create+0x163/0x200 pathopenat+0x635/0xe90 dofilp_open+0xb4/0x160 ? __createobject.isra.0+0x1de/0x3b0 ? rawspinunlock+0x12/0x30 dosysopenat2+0x91/0x150 __x64sysopen+0x6c/0xa0 dosyscall64+0x3c/0x80 entrySYSCALL64afterhwframe+0x46/0xb0

The fix simply adds a call to ext4checkdir_entry() to validate the directory entry, returning -EFSCORRUPTED if the entry is invalid.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49879.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

3d0518f4758eca4339e75e5b9dbb7e06a5ce08b4

Fixed

2fa24d0274fbf913b56ee31f15bc01168669d909

Fixed

156451a67b93986fb07c274ef6995ff40766c5ad

Fixed

999cff2b6ce3b45c08abf793bf55534777421327

Fixed

ce1ee2c8827fb6493e91acbd50f664cf2a972c3d

Fixed

17a0bc9bd697f75cfdf9b378d5eb2d7409c91340

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49879.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.6.30

Fixed

5.4.224

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.154

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.78

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.0.8

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49879.json"