DEBIAN-CVE-2022-50638

In the Linux kernel, the following vulnerability has been resolved: ext4: fix bugon in _estreesearch caused by bad boot loader inode We got a issue as fllows: ================================================================== kernel BUG at fs/ext4/extentsstatus.c:203! invalid opcode: 0000 [#1] PREEMPT SMP CPU: 1 PID: 945 Comm: cat Not tainted 6.0.0-next-20221007-dirty #349 RIP: 0010:ext4esend.isra.0+0x34/0x42 RSP: 0018:ffffc9000143b768 EFLAGS: 00010203 RAX: 0000000000000000 RBX: ffff8881769cd0b8 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8fc27cf7 RDI: 00000000ffffffff RBP: ffff8881769cd0bc R08: 0000000000000000 R09: ffffc9000143b5f8 R10: 0000000000000001 R11: 0000000000000001 R12: ffff8881769cd0a0 R13: ffff8881768e5668 R14: 00000000768e52f0 R15: 0000000000000000 FS: 00007f359f7f05c0(0000)GS:ffff88842fd00000(0000)knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f359f5a2000 CR3: 000000017130c000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> _estreesearch.isra.0+0x6d/0xf5 ext4escacheextent+0xfa/0x230 ext4cacheextents+0xd2/0x110 ext4findextent+0x5d5/0x8c0 ext4extmapblocks+0x9c/0x1d30 ext4mapblocks+0x431/0xa50 ext4mpagereadpages+0x48e/0xe40 ext4readahead+0x47/0x50 readpages+0x82/0x530 pagecacheraunbounded+0x199/0x2a0 dopagecachera+0x47/0x70 pagecacheraorder+0x242/0x400 ondemandreadahead+0x1e8/0x4b0 pagecachesyncra+0xf4/0x110 filemapgetpages+0x131/0xb20 filemapread+0xda/0x4b0 genericfilereaditer+0x13a/0x250 ext4filereaditer+0x59/0x1d0 vfsread+0x28f/0x460 ksysread+0x73/0x160 _x64sysread+0x1e/0x30 dosyscall64+0x35/0x80 entrySYSCALL64afterhwframe+0x63/0xcd </TASK> ================================================================== In the above issue, ioctl invokes the swapinodebootloader function to swap inode<5> and inode<12>. However, inode<5> contain incorrect imode and disordered extents, and inlink is set to 1. The extents check for inode in the ext4iget function can be bypassed bacause 5 is EXT4BOOTLOADERINO. While linkscount is set to 1, the extents are not initialized in swapinodebootloader. After the ioctl command is executed successfully, the extents are swapped to inode<12>, in this case, run the cat command to view inode<12>. And BugON is triggered due to the incorrect extents. When the boot loader inode is not initialized, its imode can be one of the following: 1) the imode is a bad type, which is marked as badinode in ext4iget and set to SIFREG. 2) the imode is good type but not SIFREG. 3) the imode is SIFREG. The BUGON may be triggered by bypassing the check in cases 1 and 2. Therefore, when the boot loader inode is badinode or its imode is not SIFREG, initialize the inode to avoid triggering the BUG.