CVE-2022-50344

Source
https://cve.org/CVERecord?id=CVE-2022-50344
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50344.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-50344
Published
2025-09-16T16:11:23.345Z
Modified
2026-04-11T12:44:56.810326Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
ext4: fix null-ptr-deref in ext4_write_info
Details

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix null-ptr-deref in ext4_write_info

I caught a null-ptr-deref bug as follows:

KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
CPU: 1 PID: 1589 Comm: umount Not tainted 5.10.0-02219-dirty #339
RIP: 0010:ext4_write_info+0x53/0x1b0
[...]
Call Trace:
 dquot_writeback_dquots+0x341/0x9a0
 ext4_sync_fs+0x19e/0x800
 __sync_filesystem+0x83/0x100
 sync_filesystem+0x89/0xf0
 generic_shutdown_super+0x79/0x3e0
 kill_block_super+0xa1/0x110
 deactivate_locked_super+0xac/0x130
 deactivate_super+0xb6/0xd0
 cleanup_mnt+0x289/0x400
 __cleanup_mnt+0x16/0x20
 task_work_run+0x11c/0x1c0
 exit_to_user_mode_prepare+0x203/0x210
 syscall_exit_to_user_mode+0x5b/0x3a0
 do_syscall_64+0x59/0x70
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
==================================================================

Above issue may happen as follows:

exit_to_user_mode_prepare
 task_work_run
  __cleanup_mnt
   cleanup_mnt
    deactivate_super
     deactivate_locked_super
      kill_block_super
       generic_shutdown_super
        shrink_dcache_for_umount
         dentry = sb->s_root
         sb->s_root = NULL              <--- Here set NULL
        sync_filesystem
         __sync_filesystem
          sb->s_op->sync_fs > ext4_sync_fs
           dquot_writeback_dquots
            sb->dq_op->write_info > ext4_write_info
             ext4_journal_start(d_inode(sb->s_root), EXT4_HT_QUOTA, 2)
              d_inode(sb->s_root)
               s_root->d_inode          <--- Null pointer dereference

To solve this problem, we use ext4_journal_start_sb directly to avoid s_root being used.
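
The ordering in the call chain above, as an added userspace model that is not part of the commit message and not kernel source. The structs, `journal_start_sb`, `write_info_old`, `write_info_fixed`, `generic_shutdown_super_model` and `umount_with` are simplified stand-ins assumed for illustration, and the model returns `WOULD_OOPS` where the kernel would dereference NULL.

```c
/* Userspace model, constructed for illustration; not kernel source. */
#include <stdio.h>
struct super_block;
struct inode  { struct super_block *i_sb; };
struct dentry { struct inode *d_inode; };
struct super_block {
    struct dentry *s_root;                      /* cleared during umount */
    int (*write_info)(struct super_block *sb);  /* stands in for sb->dq_op->write_info */
};
enum { OK = 0, WOULD_OOPS = -1 };

/* Stand-in for ext4_journal_start_sb(): needs only the superblock. */
static int journal_start_sb(struct super_block *sb) { return sb ? OK : WOULD_OOPS; }

/* Pre-fix shape: reaches the superblock through sb->s_root->d_inode. */
static int write_info_old(struct super_block *sb)
{
    if (sb->s_root == NULL)
        return WOULD_OOPS;          /* kernel: s_root->d_inode read through NULL */
    return journal_start_sb(sb->s_root->d_inode->i_sb);
}

/* Post-fix shape: passes sb directly, so s_root is never read. */
static int write_info_fixed(struct super_block *sb) { return journal_start_sb(sb); }

/* Ordering from the call chain: s_root is cleared, then quota info is written. */
static int generic_shutdown_super_model(struct super_block *sb)
{
    sb->s_root = NULL;              /* shrink_dcache_for_umount() */
    return sb->write_info(sb);      /* sync_filesystem() -> ... -> write_info */
}

/* Build a mounted superblock, then unmount it with the given write_info. */
static int umount_with(int (*write_info)(struct super_block *))
{
    struct dentry root;
    struct super_block sb = { &root, write_info };
    struct inode root_inode = { &sb };
    root.d_inode = &root_inode;
    if (sb.write_info(&sb) != OK)   /* while mounted, both shapes work */
        return -2;
    return generic_shutdown_super_model(&sb);
}

int main(void)
{
    printf("old: %d, fixed: %d\n", umount_with(write_info_old), umount_with(write_info_fixed));
    return 0;
}
```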

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50344.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a1177825719ccef3f76ef39bbfd5ebb6087d53c7
Fixed
dc451578446afd03c0c21913993c08898a691435
Fixed
f4b5ff0b794aa94afac7269c494550ca2f66511b
Fixed
947264e00c46de19a016fd81218118c708fed2f3
Fixed
3638aa1c7d87c0ca0aef23cf58cae2c48e7daca4
Fixed
f34ab95162763cd7352f46df169296eec28b688d
Fixed
533c60a0b97cee5daab376933f486207e6680fb7
Fixed
4a657319cfabd6199fd0b7b65bbebf6ded7a11c1
Fixed
bb420e8afc854d2a1caaa23a0c129839acfb7888
Fixed
f9c1f248607d5546075d3f731e7607d5571f2b60

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50344.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type       Introduced  Fixed
ECOSYSTEM  3.6.0       4.9.331
ECOSYSTEM  4.10.0      4.14.296
ECOSYSTEM  4.15.0      4.19.262
ECOSYSTEM  4.20.0      5.4.220
ECOSYSTEM  5.5.0       5.10.150
ECOSYSTEM  5.11.0      5.15.75
ECOSYSTEM  5.16.0      5.19.17
ECOSYSTEM  5.20.0      6.0.3

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50344.json"