CVE-2022-49428
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49428
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49428.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-49428
- Downstream
- Published
- 2025-02-26T02:12:48Z
- Modified
- 2025-10-21T10:18:14.163504Z
- Summary
- f2fs: fix to do sanity check on inline_dots inode
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to do sanity check on inline_dots inode
As Wenqing reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=215765
It will cause a kernel panic with steps: - mkdir mnt - mount tmp40.img mnt - ls mnt
foliomarkdirty+0x33/0x50 f2fsaddregularentry+0x541/0xad0 [f2fs] f2fsadddentry+0x6c/0xb0 [f2fs] f2fsdoaddlink+0x182/0x230 [f2fs] _recoverdotdentries+0x2d6/0x470 [f2fs] f2fslookup+0x5af/0x6a0 [f2fs] _lookupslow+0xac/0x200 lookupslow+0x45/0x70 walkcomponent+0x16c/0x250 pathlookupat+0x8b/0x1f0 filenamelookup+0xef/0x250 userpathatempty+0x46/0x70 vfsstatx+0x98/0x190 _dosysnewlstat+0x41/0x90 _x64sysnewlstat+0x1a/0x30 dosyscall64+0x37/0xb0 entrySYSCALL64afterhwframe+0x44/0xae
The root cause is for special file: e.g. character, block, fifo or socket file, f2fs doesn't assign address space operations pointer array for mapping->aops field, so, in a fuzzed image, if inlinedots flag was tagged in special file, during lookup(), when f2fs runs into _recoverdotdentries(), it will cause NULL pointer access once f2fsaddregularentry() calls aops->setdirty_page().
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/12662d19467b391b5b509ac5e9ab4f583c6dde16
- https://git.kernel.org/stable/c/250e5a6be52a6b9d82fe91976c83cc158868b4e9
- https://git.kernel.org/stable/c/2f46160d0a19b13bfe96c0dd50eed5c5d253ab7a
- https://git.kernel.org/stable/c/34f48ce5d5936eea33e3b6415403e57eb84aff97
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced510022a85839a8409d1e6a519bb86ce71a84f30aFixed250e5a6be52a6b9d82fe91976c83cc158868b4e9
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced510022a85839a8409d1e6a519bb86ce71a84f30aFixed34f48ce5d5936eea33e3b6415403e57eb84aff97
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced510022a85839a8409d1e6a519bb86ce71a84f30aFixed2f46160d0a19b13bfe96c0dd50eed5c5d253ab7a
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced510022a85839a8409d1e6a519bb86ce71a84f30aFixed12662d19467b391b5b509ac5e9ab4f583c6dde16
Affected versions
v4.*
v4.0
v4.0-rc3
v4.0-rc4
v4.0-rc5
v4.0-rc6
v4.0-rc7
v4.1
v4.1-rc1
v4.1-rc2
v4.1-rc3
v4.1-rc4
v4.1-rc5
v4.1-rc6
v4.1-rc7
v4.1-rc8
v4.10
v4.10-rc1
v4.10-rc2
v4.10-rc3
v4.10-rc4
v4.10-rc5
v4.10-rc6
v4.10-rc7
v4.10-rc8
v4.11
v4.11-rc1
v4.11-rc2
v4.11-rc3
v4.11-rc4
v4.11-rc5
v4.11-rc6
v4.11-rc7
v4.11-rc8
v4.12
v4.12-rc1
v4.12-rc2
v4.12-rc3
v4.12-rc4
v4.12-rc5
v4.12-rc6
v4.12-rc7
v4.13
v4.13-rc1
v4.13-rc2
v4.13-rc3
v4.13-rc4
v4.13-rc5
v4.13-rc6
v4.13-rc7
v4.14
v4.14-rc1
v4.14-rc2
v4.14-rc3
v4.14-rc4
v4.14-rc5
v4.14-rc6
v4.14-rc7
v4.14-rc8
v4.15
v4.15-rc1
v4.15-rc2
v4.15-rc3
v4.15-rc4
v4.15-rc5
v4.15-rc6
v4.15-rc7
v4.15-rc8
v4.15-rc9
v4.16
v4.16-rc1
v4.16-rc2
v4.16-rc3
v4.16-rc4
v4.16-rc5
v4.16-rc6
v4.16-rc7
v4.17
v4.17-rc1
v4.17-rc2
v4.17-rc3
v4.17-rc4
v4.17-rc5
v4.17-rc6
v4.17-rc7
v4.18
v4.18-rc1
v4.18-rc2
v4.18-rc3
v4.18-rc4
v4.18-rc5
v4.18-rc6
v4.18-rc7
v4.18-rc8
v4.19
v4.19-rc1
v4.19-rc2
v4.19-rc3
v4.19-rc4
v4.19-rc5
v4.19-rc6
v4.19-rc7
v4.19-rc8
v4.2
v4.2-rc1
v4.2-rc2
v4.2-rc3
v4.2-rc4
v4.2-rc5
v4.2-rc6
v4.2-rc7
v4.2-rc8
v4.20
v4.20-rc1
v4.20-rc2
v4.20-rc3
v4.20-rc4
v4.20-rc5
v4.20-rc6
v4.20-rc7
v4.3
v4.3-rc1
v4.3-rc2
v4.3-rc3
v4.3-rc4
v4.3-rc5
v4.3-rc6
v4.3-rc7
v4.4
v4.4-rc1
v4.4-rc2
v4.4-rc3
v4.4-rc4
v4.4-rc5
v4.4-rc6
v4.4-rc7
v4.4-rc8
v4.5
v4.5-rc1
v4.5-rc2
v4.5-rc3
v4.5-rc4
v4.5-rc5
v4.5-rc6
v4.5-rc7
v4.6
v4.6-rc1
v4.6-rc2
v4.6-rc3
v4.6-rc4
v4.6-rc5
v4.6-rc6
v4.6-rc7
v4.7
v4.7-rc1
v4.7-rc2
v4.7-rc3
v4.7-rc4
v4.7-rc5
v4.7-rc6
v4.7-rc7
v4.8
v4.8-rc1
v4.8-rc2
v4.8-rc3
v4.8-rc4
v4.8-rc5
v4.8-rc6
v4.8-rc7
v4.8-rc8
v4.9
v4.9-rc1
v4.9-rc2
v4.9-rc3
v4.9-rc4
v4.9-rc5
v4.9-rc6
v4.9-rc7
v4.9-rc8
v5.*
v5.0
v5.0-rc1
v5.0-rc2
v5.0-rc3
v5.0-rc4
v5.0-rc5
v5.0-rc6
v5.0-rc7
v5.0-rc8
v5.1
v5.1-rc1
v5.1-rc2
v5.1-rc3
v5.1-rc4
v5.1-rc5
v5.1-rc6
v5.1-rc7
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.17.1
v5.17.10
v5.17.11
v5.17.12
v5.17.13
v5.17.2
v5.17.3
v5.17.4
v5.17.5
v5.17.6
v5.17.7
v5.17.8
v5.17.9
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.18.1
v5.18.2
v5.2
v5.2-rc1
v5.2-rc2
v5.2-rc3
v5.2-rc4
v5.2-rc5
v5.2-rc6
v5.2-rc7
v5.3
v5.3-rc1
v5.3-rc2
v5.3-rc3
v5.3-rc4
v5.3-rc5
v5.3-rc6
v5.3-rc7
v5.3-rc8
v5.4
v5.4-rc1
v5.4-rc2
v5.4-rc3
v5.4-rc4
v5.4-rc5
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8
Database specific
vanir_signatures
[
{
"id": "CVE-2022-49428-064b9d5a",
"target": {
"function": "__recover_dot_dentries",
"file": "fs/f2fs/namei.c"
},
"digest": {
"length": 1007.0,
"function_hash": "81601999304539231709115349550144893863"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@34f48ce5d5936eea33e3b6415403e57eb84aff97"
},
{
"id": "CVE-2022-49428-09da21ca",
"target": {
"function": "__recover_dot_dentries",
"file": "fs/f2fs/namei.c"
},
"digest": {
"length": 1007.0,
"function_hash": "81601999304539231709115349550144893863"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@250e5a6be52a6b9d82fe91976c83cc158868b4e9"
},
{
"id": "CVE-2022-49428-3486784b",
"target": {
"file": "fs/f2fs/namei.c"
},
"digest": {
"line_hashes": [
"56095138770149030204308698185984094048",
"268039015547462606974100678873916135056",
"114773279166811794122586389572479638925"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@250e5a6be52a6b9d82fe91976c83cc158868b4e9"
},
{
"id": "CVE-2022-49428-39f72709",
"target": {
"file": "fs/f2fs/namei.c"
},
"digest": {
"line_hashes": [
"56095138770149030204308698185984094048",
"268039015547462606974100678873916135056",
"114773279166811794122586389572479638925"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@34f48ce5d5936eea33e3b6415403e57eb84aff97"
},
{
"id": "CVE-2022-49428-6b9ed4d4",
"target": {
"file": "fs/f2fs/namei.c"
},
"digest": {
"line_hashes": [
"56095138770149030204308698185984094048",
"268039015547462606974100678873916135056",
"114773279166811794122586389572479638925"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2f46160d0a19b13bfe96c0dd50eed5c5d253ab7a"
},
{
"id": "CVE-2022-49428-798c1b17",
"target": {
"function": "__recover_dot_dentries",
"file": "fs/f2fs/namei.c"
},
"digest": {
"length": 1007.0,
"function_hash": "81601999304539231709115349550144893863"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2f46160d0a19b13bfe96c0dd50eed5c5d253ab7a"
},
{
"id": "CVE-2022-49428-b44e3865",
"target": {
"function": "__recover_dot_dentries",
"file": "fs/f2fs/namei.c"
},
"digest": {
"length": 1007.0,
"function_hash": "81601999304539231709115349550144893863"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@12662d19467b391b5b509ac5e9ab4f583c6dde16"
},
{
"id": "CVE-2022-49428-cbf73a51",
"target": {
"file": "fs/f2fs/namei.c"
},
"digest": {
"line_hashes": [
"56095138770149030204308698185984094048",
"268039015547462606974100678873916135056",
"114773279166811794122586389572479638925"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@12662d19467b391b5b509ac5e9ab4f583c6dde16"
}
]