CVE-2022-49747

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49747
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49747.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-49747
Downstream
Published
2025-03-27T16:42:57Z
Modified
2025-10-21T11:03:18.384541Z
Summary
erofs/zmap.c: Fix incorrect offset calculation
Details

In the Linux kernel, the following vulnerability has been resolved:

erofs/zmap.c: Fix incorrect offset calculation

Effective offset to add to length was being incorrectly calculated, which resulted in iomap->length being set to 0, triggering a WARNON in iomapiter_done().

Fix that, and describe it in comments.

This was reported as a crash by syzbot under an issue about a warning encountered in iomapiterdone(), but unrelated to erofs.

C reproducer: https://syzkaller.appspot.com/text?tag=ReproC&x=1037a6b2880000 Kernel config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=e2021a61197ebe02 Dashboard link: https://syzkaller.appspot.com/bug?extid=a8e049cd3abd342936b6

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
eadcd6b5a1eb39866ab8d8a3e4f2e51bc51a2350
Fixed
2144859229c1e74f52d3ea067338d314a83a8afb
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
eadcd6b5a1eb39866ab8d8a3e4f2e51bc51a2350
Fixed
9f31d8c889d9a4e47bfcc6c4537d0c9f89fe582c
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
eadcd6b5a1eb39866ab8d8a3e4f2e51bc51a2350
Fixed
6acd87d50998ef0afafc441613aeaf5a8f5c9eff

Affected versions

v5.*

v5.14
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.56
v5.15.57
v5.15.58
v5.15.59
v5.15.6
v5.15.60
v5.15.61
v5.15.62
v5.15.63
v5.15.64
v5.15.65
v5.15.66
v5.15.67
v5.15.68
v5.15.69
v5.15.7
v5.15.70
v5.15.71
v5.15.72
v5.15.73
v5.15.74
v5.15.75
v5.15.76
v5.15.77
v5.15.78
v5.15.79
v5.15.8
v5.15.80
v5.15.81
v5.15.82
v5.15.83
v5.15.84
v5.15.85
v5.15.86
v5.15.87
v5.15.88
v5.15.89
v5.15.9
v5.15.90
v5.15.91
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2-rc1
v6.2-rc2

Database specific

vanir_signatures

[
    {
        "id": "CVE-2022-49747-099f0501",
        "target": {
            "function": "z_erofs_iomap_begin_report",
            "file": "fs/erofs/zmap.c"
        },
        "digest": {
            "length": 741.0,
            "function_hash": "224919707708634736366603734207976690476"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6acd87d50998ef0afafc441613aeaf5a8f5c9eff",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2022-49747-13dbaa8f",
        "target": {
            "function": "z_erofs_iomap_begin_report",
            "file": "fs/erofs/zmap.c"
        },
        "digest": {
            "length": 741.0,
            "function_hash": "224919707708634736366603734207976690476"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9f31d8c889d9a4e47bfcc6c4537d0c9f89fe582c",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2022-49747-6f29cb92",
        "target": {
            "function": "z_erofs_iomap_begin_report",
            "file": "fs/erofs/zmap.c"
        },
        "digest": {
            "length": 705.0,
            "function_hash": "127240833083311060774501768254789325216"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2144859229c1e74f52d3ea067338d314a83a8afb",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2022-49747-8900f16c",
        "target": {
            "file": "fs/erofs/zmap.c"
        },
        "digest": {
            "line_hashes": [
                "294724924377778887798820716684120075055",
                "210237207576834654378179616779267810867",
                "259844733387737211884121662055734692163",
                "55434434106509689286809582297567959385",
                "292829791133855522515928257949270677233"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9f31d8c889d9a4e47bfcc6c4537d0c9f89fe582c",
        "signature_type": "Line"
    },
    {
        "id": "CVE-2022-49747-b828237b",
        "target": {
            "file": "fs/erofs/zmap.c"
        },
        "digest": {
            "line_hashes": [
                "294724924377778887798820716684120075055",
                "210237207576834654378179616779267810867",
                "259844733387737211884121662055734692163",
                "55434434106509689286809582297567959385",
                "292829791133855522515928257949270677233"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2144859229c1e74f52d3ea067338d314a83a8afb",
        "signature_type": "Line"
    },
    {
        "id": "CVE-2022-49747-ef80e7c1",
        "target": {
            "file": "fs/erofs/zmap.c"
        },
        "digest": {
            "line_hashes": [
                "294724924377778887798820716684120075055",
                "210237207576834654378179616779267810867",
                "259844733387737211884121662055734692163",
                "55434434106509689286809582297567959385",
                "292829791133855522515928257949270677233"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6acd87d50998ef0afafc441613aeaf5a8f5c9eff",
        "signature_type": "Line"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.0
Fixed
5.15.92
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.10