CVE-2022-49879
- Source
- https://cve.org/CVERecord?id=CVE-2022-49879
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49879.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-49879
- Downstream
- Related
- Published
- 2025-05-01T14:10:27.117Z
- Modified
- 2026-04-03T13:14:43.543322810Z
- Summary
- ext4: fix BUG_ON() when directory entry has invalid rec_len
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix BUGON() when directory entry has invalid reclen
The reclen field in the directory entry has to be a multiple of 4. A corrupted filesystem image can be used to hit a BUG() in ext4reclentodisk(), called from makeindexed_dir().
------------[ cut here ]------------ kernel BUG at fs/ext4/ext4.h:2413! ... RIP: 0010:makeindexeddir+0x53f/0x5f0 ... Call Trace: <TASK> ? adddirenttobuf+0x1b2/0x200 ext4addentry+0x36e/0x480 ext4addnondir+0x2b/0xc0 ext4create+0x163/0x200 pathopenat+0x635/0xe90 dofilp_open+0xb4/0x160 ? __createobject.isra.0+0x1de/0x3b0 ? rawspinunlock+0x12/0x30 dosysopenat2+0x91/0x150 __x64sysopen+0x6c/0xa0 dosyscall64+0x3c/0x80 entrySYSCALL64afterhwframe+0x46/0xb0
The fix simply adds a call to ext4checkdir_entry() to validate the directory entry, returning -EFSCORRUPTED if the entry is invalid.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49879.json" }- References
-
- https://git.kernel.org/stable/c/156451a67b93986fb07c274ef6995ff40766c5ad
- https://git.kernel.org/stable/c/17a0bc9bd697f75cfdf9b378d5eb2d7409c91340
- https://git.kernel.org/stable/c/2fa24d0274fbf913b56ee31f15bc01168669d909
- https://git.kernel.org/stable/c/999cff2b6ce3b45c08abf793bf55534777421327
- https://git.kernel.org/stable/c/ce1ee2c8827fb6493e91acbd50f664cf2a972c3d
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49879.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-49879
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced3d0518f4758eca4339e75e5b9dbb7e06a5ce08b4Fixed2fa24d0274fbf913b56ee31f15bc01168669d909Fixed156451a67b93986fb07c274ef6995ff40766c5adFixed999cff2b6ce3b45c08abf793bf55534777421327Fixedce1ee2c8827fb6493e91acbd50f664cf2a972c3dFixed17a0bc9bd697f75cfdf9b378d5eb2d7409c91340