CVE-2022-49380

Source
https://cve.org/CVERecord?id=CVE-2022-49380
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49380.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-49380
Downstream
Published
2025-02-26T02:11:18.314Z
Modified
2026-07-15T01:49:01.214052125Z
Summary
f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count()
Details

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to avoid f2fsbugon() in decvalidnode_count()

As Yanming reported in bugzilla:

https://bugzilla.kernel.org/show_bug.cgi?id=215897

I have encountered a bug in F2FS file system in kernel v5.17.

The kernel should enable CONFIGKASAN=y and CONFIGKASAN_INLINE=y. You can reproduce the bug by running the following commands:

The kernel message is shown below:

kernel BUG at fs/f2fs/f2fs.h:2511! Call Trace: f2fsremoveinodepage+0x2a2/0x830 f2fsevictinode+0x9b7/0x1510 evict+0x282/0x4e0 dounlinkat+0x33a/0x540 __x64sysunlinkat+0x8e/0xd0 dosyscall64+0x3b/0x90 entrySYSCALL64afterhwframe+0x44/0xae

The root cause is: .totalvalidblockcount or .totalvalidnodecount could fuzzed to zero, then once decvalidnodecount() was called, it will cause BUGON(), this patch fixes to print warning info and set SBINEEDFSCK into CP instead of panic.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49380.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
98e4da8ca301e062d79ae168c67e56f3c3de3ce4
Fixed
f8b3c3fcf33105bc1ee7788e3b51b0a1ae42ae53
Fixed
2766ddaf45b69252bb8fe526b5b6e56904a9ae7a
Fixed
bce859358d3d5940aa858e40ceee70ee6e76130e
Fixed
89d9a48d0cd30429463ea4e37ca83be6773ed5eb
Fixed
ccffa99ae6a1f44797b57444c6a80382a42928fe
Fixed
4d17e6fe9293d57081ffdc11e1cf313e25e8fd9e

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49380.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.8.0
Fixed
5.4.198
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.121
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.46
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.17.14
Type
ECOSYSTEM
Events
Introduced
5.18.0
Fixed
5.18.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49380.json"