DEBIAN-CVE-2022-50755

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2022-50755

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50755.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-50755

Upstream

CVE-2022-50755

Published

2025-12-24T13:16:02.250Z

Modified

2025-12-25T11:18:28.941923Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: udf: Avoid double brelse() in udfrename() syzbot reported a warning like below [1]: VFS: brelse: Trying to free free buffer WARNING: CPU: 2 PID: 7301 at fs/buffer.c:1145 _brelse+0x67/0xa0 ... Call Trace: <TASK> invalidatebhlru+0x99/0x150 smpcallfunctionmanycond+0xe2a/0x10c0 ? genericremapfilerangeprep+0x50/0x50 ? _brelse+0xa0/0xa0 ? _mutexlock+0x21c/0x12d0 ? smpcalloncpu+0x250/0x250 ? rcureadlockschedheld+0xb/0x60 ? lockrelease+0x587/0x810 ? _brelse+0xa0/0xa0 ? genericremapfilerangeprep+0x50/0x50 oneachcpucondmask+0x3c/0x80 blkdevflushmapping+0x13a/0x2f0 blkdevputwhole+0xd3/0xf0 blkdevput+0x222/0x760 deactivatelockedsuper+0x96/0x160 deactivatesuper+0xda/0x100 cleanupmnt+0x222/0x3d0 taskworkrun+0x149/0x240 ? taskworkcancel+0x30/0x30 doexit+0xb29/0x2a40 ? reacquireheldlocks+0x4a0/0x4a0 ? dorawspinlock+0x12a/0x2b0 ? mmupdatenextowner+0x7c0/0x7c0 ? rwlockbug.part.0+0x90/0x90 ? zapotherthreads+0x234/0x2d0 dogroupexit+0xd0/0x2a0 _x64sysexitgroup+0x3a/0x50 dosyscall64+0x34/0xb0 entrySYSCALL64afterhwframe+0x63/0xcd The cause of the issue is that brelse() is called on both ofibh.sbh and ofibh.ebh by udffindentry() when it returns NULL. However, brelse() is called by udfrename(), too. So, bcount on bufferhead becomes unbalanced. This patch fixes the issue by not calling brelse() by udfrename() when udffind_entry() returns NULL.

References

https://security-tracker.debian.org/tracker/CVE-2022-50755

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.178-1

Affected versions

5.*

5.10.46-4

5.10.46-5

5.10.70-1~bpo10+1

5.10.70-1

5.10.84-1

5.10.92-1~bpo10+1

5.10.92-1

5.10.92-2

5.10.103-1~bpo10+1

5.10.103-1

5.10.106-1

5.10.113-1

5.10.120-1~bpo10+1

5.10.120-1

5.10.127-1

5.10.127-2~bpo10+1

5.10.127-2

5.10.136-1

5.10.140-1

5.10.148-1

5.10.149-1

5.10.149-2

5.10.158-1

5.10.158-2

5.10.162-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50755.json"

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50755.json"

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50755.json"

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50755.json"