CVE-2022-49168

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-49168

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49168.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-49168

Downstream

DEBIAN-CVE-2022-49168

SUSE-SU-2025:01983-1

UBUNTU-CVE-2022-49168

USN-7654-1

USN-7654-2

USN-7654-3

USN-7654-4

USN-7654-5

USN-7655-1

USN-7686-1

USN-7711-1

USN-7712-1

USN-7712-2

Related

SUSE-SU-2025:01983-1

Published

2025-02-26T07:00:53Z

Modified

2025-08-09T19:01:26Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: do not clean up repair bio if submit fails

The submit helper will always run bioendio() on the bio if it fails to submit, so cleaning up the bio just leads to a variety of use-after-free and NULL pointer dereference bugs because we race with the endio function that is cleaning up the bio. Instead just return BLKSTS_OK as the repair function has to continue to process the rest of the pages, and the endio for the repair bio will do the appropriate cleanup for the page that it was given.

References

Affected packages