CVE-2022-50346

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-50346
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50346.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-50346
Downstream
Related
Published
2025-09-16T16:11:39.179Z
Modified
2026-04-02T08:28:25.761975Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
ext4: init quota for 'old.inode' in 'ext4_rename'
Details

In the Linux kernel, the following vulnerability has been resolved:

ext4: init quota for 'old.inode' in 'ext4_rename'

Syzbot found the following issue: ext4parseparam: swantextraisize=128 ext4inodeinfoinit: swantextraisize=32 ext4rename: old.inode=ffff88823869a2c8 old.dir=ffff888238699828 new.inode=ffff88823869d7e8 new.dir=ffff888238699828 __ext4markinodedirty: inode=ffff888238699828 eaisize=32 wanteasize=128 __ext4markinodedirty: inode=ffff88823869a2c8 eaisize=32 wanteasize=128 ext4xattrblockset: inode=ffff88823869a2c8 ------------[ cut here ]------------ WARNING: CPU: 13 PID: 2234 at fs/ext4/xattr.c:2070 ext4xattrblockset.cold+0x22/0x980 Modules linked in: RIP: 0010:ext4xattrblockset.cold+0x22/0x980 RSP: 0018:ffff888227d3f3b0 EFLAGS: 00010202 RAX: 0000000000000001 RBX: ffff88823007a000 RCX: 0000000000000000 RDX: 0000000000000a03 RSI: 0000000000000040 RDI: ffff888230078178 RBP: 0000000000000000 R08: 000000000000002c R09: ffffed1075c7df8e R10: ffff8883ae3efc6b R11: ffffed1075c7df8d R12: 0000000000000000 R13: ffff88823869a2c8 R14: ffff8881012e0460 R15: dffffc0000000000 FS: 00007f350ac1f740(0000) GS:ffff8883ae200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f350a6ed6a0 CR3: 0000000237456000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? ext4xattrsetentry+0x3b7/0x2320 ? ext4xattrblockset+0x0/0x2020 ? ext4xattrsetentry+0x0/0x2320 ? ext4xattrcheckentries+0x77/0x310 ? ext4xattribodyset+0x23b/0x340 ext4xattrmovetoblock+0x594/0x720 ext4expandextraisizeea+0x59a/0x10f0 __ext4expandextra_isize+0x278/0x3f0 __ext4markinodedirty.cold+0x347/0x410 ext4rename+0xed3/0x174f vfsrename+0x13a7/0x2510 dorenameat2+0x55d/0x920 __x64sysrename+0x7d/0xb0 dosyscall64+0x3b/0xa0 entrySYSCALL64afterhwframe+0x72/0xdc

As 'ext4rename' will modify 'old.inode' ctime and mark inode dirty, which may trigger expand 'extraisize' and allocate block. If inode didn't init quota will lead to warning. To solve above issue, init 'old.inode' firstly in 'ext4_rename'.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50346.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6dd4ee7cab7e3a17c571aebd444f4344c8c4946e
Fixed
67f6d5a4043f3db0c6bb0e14a0d97a7be8bfb8b5
Fixed
33fd7031d634f3b46e59f61adfbb0ea9fe514fef
Fixed
7dfb8259f66faafa68d23a261b284d2c2c67649b
Fixed
f263e349bacc2f303526dcfa61c4bc50132418b1
Fixed
84a2f2ed49d6a4d92b354219077434c57d334620
Fixed
def7a39091e60e1c4a2f623629082a00092602be
Fixed
135ba9146f4d38abed48a540ef8a8770ff0bd34f
Fixed
13271fbbe85d73a7c47058f56a52f2a7f00d6e39
Fixed
fae381a3d79bb94aa2eb752170d47458d778b797

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50346.json"