CVE-2022-49167

I hit some weird panics while fixing up the error handling from btrfslookupbiosums(). Turns out the compression path will complete the bio we use if we set up any of the compression bios and then return an error, and then btrfssubmitdatabio() will also call bio_endio() on the bio.

Fix this by making btrfssubmitcompressedread() responsible for calling bioendio() on the bio if there are any errors. Currently it was only doing it if we created the compression bios, otherwise it was depending on btrfssubmitdatabio() to do the right thing. This creates the above problem, so fix up btrfssubmitcompressedread() to always call bioendio() in case of an error, and then simply return from btrfssubmitdatabio() if we had to call btrfssubmitcompressed_read().

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49167.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

86ccbb4d2a2af4109430df518c995a4f7d14dfd2

Fixed

4a4ceb2b990771c374d85d496a1a45255dde48e3

Fixed

987b5df1d10355d377315a26e7fb6c72ded83c9f

Fixed

f9f15de85d74e7eef021af059ca53a15f041cdd8

Affected versions

v5.*

v5.15

v5.16

v5.16-rc1

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.16.1

v5.16.10

v5.16.11

v5.16.12

v5.16.13

v5.16.14

v5.16.15

v5.16.16

v5.16.17

v5.16.18

v5.16.2

v5.16.3

v5.16.4

v5.16.5

v5.16.6

v5.16.7

v5.16.8

v5.16.9

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.17.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49167.json"