CVE-2022-49360

{"id": "CVE-2022-49360", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-02-26T07:01:12.677", "references": [{"url": "https://git.kernel.org/stable/c/071b1269a3b3ad9cec16ed76a48015bfffd9aee8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6b8beca0edd32075a769bfe4178ca00c0dcd22a9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c9e4cd5b0ccd7168801d6a811919171b185c5cf8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/cc8c9df19971e59ebbe669ce710080e347dfec32", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ef221b738b26d8c9f7e7967f4586db2dd3bd5288", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on total_data_blocks\n\nAs Yanming reported in bugzilla:\n\nhttps://bugzilla.kernel.org/show_bug.cgi?id=215916\n\nThe kernel message is shown below:\n\nkernel BUG at fs/f2fs/segment.c:2560!\nCall Trace:\n allocate_segment_by_default+0x228/0x440\n f2fs_allocate_data_block+0x13d1/0x31f0\n do_write_page+0x18d/0x710\n f2fs_outplace_write_data+0x151/0x250\n f2fs_do_write_data_page+0xef9/0x1980\n move_data_page+0x6af/0xbc0\n do_garbage_collect+0x312f/0x46f0\n f2fs_gc+0x6b0/0x3bc0\n f2fs_balance_fs+0x921/0x2260\n f2fs_write_single_data_page+0x16be/0x2370\n f2fs_write_cache_pages+0x428/0xd00\n f2fs_write_data_pages+0x96e/0xd50\n do_writepages+0x168/0x550\n __writeback_single_inode+0x9f/0x870\n writeback_sb_inodes+0x47d/0xb20\n __writeback_inodes_wb+0xb2/0x200\n wb_writeback+0x4bd/0x660\n wb_workfn+0x5f3/0xab0\n process_one_work+0x79f/0x13e0\n worker_thread+0x89/0xf60\n kthread+0x26a/0x300\n ret_from_fork+0x22/0x30\nRIP: 0010:new_curseg+0xe8d/0x15f0\n\nThe root cause is: ckpt.valid_block_count is inconsistent with SIT table,\nstat info indicates filesystem has free blocks, but SIT table indicates\nfilesystem has no free segment.\n\nSo that during garbage colloection, it triggers panic when LFS allocator\nfails to find free segment.\n\nThis patch tries to fix this issue by checking consistency in between\nckpt.valid_block_count and block accounted from SIT."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: correcci\u00f3n para realizar una comprobaci\u00f3n de cordura en total_data_blocks Como inform\u00f3 Yanming en Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215916 El mensaje del kernel se muestra a continuaci\u00f3n: \u00a1ERROR del kernel en fs/f2fs/segment.c:2560! Call Trace: allocate_segment_by_default+0x228/0x440 f2fs_allocate_data_block+0x13d1/0x31f0 do_write_page+0x18d/0x710 f2fs_outplace_write_data+0x151/0x250 f2fs_do_write_data_page+0xef9/0x1980 move_data_page+0x6af/0xbc0 do_garbage_collect+0x312f/0x46f0 f2fs_gc+0x6b0/0x3bc0 f2fs_balance_fs+0x921/0x2260 f2fs_write_single_data_page+0x16be/0x2370 f2fs_write_cache_pages+0x428/0xd00 f2fs_write_data_pages+0x96e/0xd50 do_writepages+0x168/0x550 __writeback_single_inode+0x9f/0x870 writeback_sb_inodes+0x47d/0xb20 __writeback_inodes_wb+0xb2/0x200 wb_writeback+0x4bd/0x660 wb_workfn+0x5f3/0xab0 process_one_work+0x79f/0x13e0 worker_thread+0x89/0xf60 kthread+0x26a/0x300 ret_from_fork+0x22/0x30 RIP: 0010:new_curseg+0xe8d/0x15f0 La causa ra\u00edz es: ckpt.valid_block_count es inconsistente con la tabla SIT, la informaci\u00f3n estad\u00edstica indica que el sistema de archivos tiene bloques libres, pero la tabla SIT indica que el sistema de archivos no tiene segmentos libres. Por lo tanto, durante la recolecci\u00f3n de basura, se genera un p\u00e1nico cuando el asignador LFS no encuentra un segmento libre. Este parche intenta solucionar este problema al verificar la coherencia entre ckpt.valid_block_count y el bloque contabilizado desde SIT."}], "lastModified": "2025-10-21T12:17:01.810", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD91DA8C-87FE-47CE-A7BA-0480866181FA", "versionEndExcluding": "5.10.121", "versionStartIncluding": "3.8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20D41697-0E8B-4B7D-8842-F17BF2AA21E1", "versionEndExcluding": "5.15.46", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15E2DD33-2255-4B76-9C15-04FF8CBAB252", "versionEndExcluding": "5.17.14", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E122216-2E9E-4B3E-B7B8-D575A45BA3C2", "versionEndExcluding": "5.18.3", "versionStartIncluding": "5.18"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}