CVE-2022-50546

Source
https://cve.org/CVERecord?id=CVE-2022-50546
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50546.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-50546
Published
2025-10-07T15:21:09.963Z
Modified
2026-04-11T12:44:58.306965Z
Summary
ext4: fix uninititialized value in 'ext4_evict_inode'
Details

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix uninititialized value in 'ext4_evict_inode'

Syzbot found the following issue:

BUG: KMSAN: uninit-value in ext4_evict_inode+0xdd/0x26b0 fs/ext4/inode.c:180
 ext4_evict_inode+0xdd/0x26b0 fs/ext4/inode.c:180
 evict+0x365/0x9a0 fs/inode.c:664
 iput_final fs/inode.c:1747 [inline]
 iput+0x985/0xdd0 fs/inode.c:1773
 __ext4_new_inode+0xe54/0x7ec0 fs/ext4/ialloc.c:1361
 ext4_mknod+0x376/0x840 fs/ext4/namei.c:2844
 vfs_mknod+0x79d/0x830 fs/namei.c:3914
 do_mknodat+0x47d/0xaa0
 __do_sys_mknodat fs/namei.c:3992 [inline]
 __se_sys_mknodat fs/namei.c:3989 [inline]
 __ia32_sys_mknodat+0xeb/0x150 fs/namei.c:3989
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Uninit was created at:
 __alloc_pages+0x9f1/0xe80 mm/page_alloc.c:5578
 alloc_pages+0xaae/0xd80 mm/mempolicy.c:2285
 alloc_slab_page mm/slub.c:1794 [inline]
 allocate_slab+0x1b5/0x1010 mm/slub.c:1939
 new_slab mm/slub.c:1992 [inline]
 ___slab_alloc+0x10c3/0x2d60 mm/slub.c:3180
 __slab_alloc mm/slub.c:3279 [inline]
 slab_alloc_node mm/slub.c:3364 [inline]
 slab_alloc mm/slub.c:3406 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3413 [inline]
 kmem_cache_alloc_lru+0x6f3/0xb30 mm/slub.c:3429
 alloc_inode_sb include/linux/fs.h:3117 [inline]
 ext4_alloc_inode+0x5f/0x860 fs/ext4/super.c:1321
 alloc_inode+0x83/0x440 fs/inode.c:259
 new_inode_pseudo fs/inode.c:1018 [inline]
 new_inode+0x3b/0x430 fs/inode.c:1046
 __ext4_new_inode+0x2a7/0x7ec0 fs/ext4/ialloc.c:959
 ext4_mkdir+0x4d5/0x1560 fs/ext4/namei.c:2992
 vfs_mkdir+0x62a/0x870 fs/namei.c:4035
 do_mkdirat+0x466/0x7b0 fs/namei.c:4060
 __do_sys_mkdirat fs/namei.c:4075 [inline]
 __se_sys_mkdirat fs/namei.c:4073 [inline]
 __ia32_sys_mkdirat+0xc4/0x120 fs/namei.c:4073
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

CPU: 1 PID: 4625 Comm: syz-executor.2 Not tainted 6.1.0-rc4-syzkaller-62821-gcb231e2f67ec #0

Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022

Now, 'ext4_alloc_inode()' doesn't init 'ei->i_flags'. If the new inode fails before 'ei->i_flags' is set in '__ext4_new_inode()', 'iput()' is then called. Since commit 6bc0d63dad7f, 'ext4_evict_inode()' accesses 'ei->i_flags', which leads to an uninit-value access. To solve the above issue, just init 'ei->i_flags' in 'ext4_alloc_inode()'.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50546.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
bb337d8dd1e1d6b7719872e45e36392f3ab14b4f
Fixed
f0bffdcc7cb14598af2aa706f1e0f2a9054154ba
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a5f9bd4beae8553480d02b569d4aabee1b49345d
Fixed
e431b4fb1fb8c2654b808086e9747a000adb9655
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0e6fbc566fcc4c230bf80f76cf5df26b42142d8a
Fixed
091f85db4c3fb1734a6d7fb4777a2b2831da6631
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0b885394fd009aa0b46d81b496a816ab11309f8a
Fixed
3c31d8d3ad95aef8cc17a4fcf317e46217148439
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6bc0d63dad7f9f54d381925ee855b402f652fa39
Fixed
56491d60ddca9c697d885394cb0173675b9ab81f
Fixed
9f966e021c20caae639dd0e404c8761e8281a2c4
Fixed
7ea71af94eaaaf6d9aed24bc94a05b977a741cb9
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
819d16f7feaca0f2ed3409be14fe953127fc51b6
Last affected
458aee4a6e5be7ad862ee27dfaf07ce552d84f32

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50546.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
5.10.164
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.87
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.0.18
Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.1.4
