CVE-2022-50344
- Source
- https://cve.org/CVERecord?id=CVE-2022-50344
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50344.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-50344
- Downstream
- Related
- Published
- 2025-09-16T16:11:23.345Z
- Modified
- 2026-03-20T12:22:34.394244Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- ext4: fix null-ptr-deref in ext4_write_info
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix null-ptr-deref in ext4writeinfo
I caught a null-ptr-deref bug as follows:
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f] CPU: 1 PID: 1589 Comm: umount Not tainted 5.10.0-02219-dirty #339 RIP: 0010:ext4writeinfo+0x53/0x1b0 [...] Call Trace: dquotwritebackdquots+0x341/0x9a0 ext4syncfs+0x19e/0x800 __syncfilesystem+0x83/0x100 syncfilesystem+0x89/0xf0 genericshutdownsuper+0x79/0x3e0 killblocksuper+0xa1/0x110 deactivatelockedsuper+0xac/0x130 deactivatesuper+0xb6/0xd0 cleanupmnt+0x289/0x400 _cleanupmnt+0x16/0x20 taskworkrun+0x11c/0x1c0 exittousermodeprepare+0x203/0x210 syscallexittousermode+0x5b/0x3a0 dosyscall64+0x59/0x70 entrySYSCALL64afterhwframe+0x44/0xa9 ==================================================================
Above issue may happen as follows:
exittousermodeprepare taskworkrun __cleanupmnt cleanupmnt deactivate_super deactivatelockedsuper killblocksuper genericshutdownsuper shrinkdcacheforumount dentry = sb->sroot sb->sroot = NULL <--- Here set NULL syncfilesystem _syncfilesystem sb->sop->syncfs > ext4syncfs dquotwritebackdquots sb->dqop->writeinfo > ext4writeinfo ext4journalstart(dinode(sb->sroot), EXT4HTQUOTA, 2) dinode(sb->sroot) sroot->dinode <--- Null pointer dereference
To solve this problem, we use ext4journalstartsb directly to avoid sroot being used.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50344.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/3638aa1c7d87c0ca0aef23cf58cae2c48e7daca4
- https://git.kernel.org/stable/c/4a657319cfabd6199fd0b7b65bbebf6ded7a11c1
- https://git.kernel.org/stable/c/533c60a0b97cee5daab376933f486207e6680fb7
- https://git.kernel.org/stable/c/947264e00c46de19a016fd81218118c708fed2f3
- https://git.kernel.org/stable/c/bb420e8afc854d2a1caaa23a0c129839acfb7888
- https://git.kernel.org/stable/c/dc451578446afd03c0c21913993c08898a691435
- https://git.kernel.org/stable/c/f34ab95162763cd7352f46df169296eec28b688d
- https://git.kernel.org/stable/c/f4b5ff0b794aa94afac7269c494550ca2f66511b
- https://git.kernel.org/stable/c/f9c1f248607d5546075d3f731e7607d5571f2b60
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50344.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-50344
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceda1177825719ccef3f76ef39bbfd5ebb6087d53c7Fixeddc451578446afd03c0c21913993c08898a691435Fixedf4b5ff0b794aa94afac7269c494550ca2f66511bFixed947264e00c46de19a016fd81218118c708fed2f3Fixed3638aa1c7d87c0ca0aef23cf58cae2c48e7daca4Fixedf34ab95162763cd7352f46df169296eec28b688dFixed533c60a0b97cee5daab376933f486207e6680fb7Fixed4a657319cfabd6199fd0b7b65bbebf6ded7a11c1Fixedbb420e8afc854d2a1caaa23a0c129839acfb7888Fixedf9c1f248607d5546075d3f731e7607d5571f2b60