In the Linux kernel, the following vulnerability has been resolved:

ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state

The EXT4_FC_REPLAY bit in sbi->s_mount_state is used to indicate that we are in the middle of replaying the fast commit journal. This was actually a mistake, since the sbi->s_mount_info is initialized from es->s_state. Arguably s_mount_state is misleadingly named, but the name is historical --- s_mount_state and s_state date back to ext2.

What should have been used is the ext4_{set,clear,test}_mount_flag() inline functions, which set EXT4_MF_* bits in sbi->s_mount_flags.

The problem with using EXT4_FC_REPLAY is that a maliciously corrupted superblock could result in EXT4_FC_REPLAY getting set in s_mount_state. This bypasses some sanity checks, and this can trigger a BUG() in ext4_es_cache_extent(). As an easy-to-backport fix, filter out the EXT4_FC_REPLAY bit for now. We should eventually transition away from EXT4_FC_REPLAY to something like EXT4_MF_REPLAY.
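The following is an added example, not code from the kernel or from this fix: it reads s_state out of a raw ext4 superblock buffer, flags a persisted EXT4_FC_REPLAY bit (which only ever has meaning in memory), and contrasts the old wholesale copy into the mount state with the filtered initialisation the commit describes. The function names and the sample superblock are constructed for the example; the constant values and field offsets are those of the ext4 on-disk format.

```c
/* Added example, not kernel code: parse s_state from a raw ext4 superblock and
 * compare the unfiltered and filtered mount-state initialisation. Offsets
 * (s_magic 0x38, s_state 0x3A) and values follow the ext4 on-disk format. */
#include <stdint.h>
#include <stdio.h>

#define EXT4_SUPER_MAGIC 0xEF53
#define EXT4_VALID_FS    0x0001  /* unmounted cleanly */
#define EXT4_FC_REPLAY   0x0020  /* in-memory only: fast-commit replay ongoing */

static uint16_t le16_at(const uint8_t *buf, size_t off)
{
    return (uint16_t)(buf[off] | (buf[off + 1] << 8));
}

/* 1 if on-disk s_state carries EXT4_FC_REPLAY (a correct ext4 never writes it),
 * 0 if clean, -1 if the buffer is not an ext4 superblock at all. */
int superblock_state_is_suspicious(const uint8_t *sb, size_t len)
{
    if (len < 0x3C || le16_at(sb, 0x38) != EXT4_SUPER_MAGIC)
        return -1;
    return (le16_at(sb, 0x3A) & EXT4_FC_REPLAY) ? 1 : 0;
}

/* Pre-fix: s_mount_state takes every bit of s_state, replay flag included. */
uint16_t mount_state_unfiltered(const uint8_t *sb)
{
    return le16_at(sb, 0x3A);
}

/* Post-fix: mask out EXT4_FC_REPLAY so only the replay path can ever set it. */
uint16_t mount_state_filtered(const uint8_t *sb)
{
    return le16_at(sb, 0x3A) & ~EXT4_FC_REPLAY;
}

int main(void)
{
    /* Constructed sample: magic set, s_state = EXT4_VALID_FS | EXT4_FC_REPLAY. */
    uint8_t sb[1024] = {0};
    sb[0x38] = 0x53; sb[0x39] = 0xEF;
    sb[0x3A] = EXT4_VALID_FS | EXT4_FC_REPLAY;
    printf("suspicious=%d unfiltered=0x%04x filtered=0x%04x\n",
           superblock_state_is_suspicious(sb, sizeof sb),
           mount_state_unfiltered(sb), mount_state_filtered(sb));
    return 0;
}
```

Run against the first 1024 bytes at offset 1024 of a filesystem image, the same check reports whether an image carries the bit the kernel will now discard at mount time.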