CVE-2022-50379

Source
https://cve.org/CVERecord?id=CVE-2022-50379
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50379.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-50379
Downstream
Related
Published
2025-09-18T13:33:01.502Z
Modified
2026-07-08T06:51:35.220851722Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
btrfs: fix race between quota enable and quota rescan ioctl
Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix race between quota enable and quota rescan ioctl

When enabling quotas, at btrfsquotaenable(), after committing the transaction, we change fsinfo->quotaroot to point to the quota root we created and set BTRFSFSQUOTAENABLED at fsinfo->flags. Then we try to start the qgroup rescan worker, first by initializing it with a call to qgrouprescaninit() - however if that fails we end up freeing the quota root but we leave fsinfo->quotaroot still pointing to it, this can later result in a use-after-free somewhere else.

We have previously set the flags BTRFSFSQUOTAENABLED and BTRFSQGROUPSTATUSFLAGON, so we can only fail with -EINPROGRESS at btrfsquota_enable(), which is possible if someone already called the quota rescan ioctl, and therefore started the rescan worker.

So fix this by ignoring an -EINPROGRESS and asserting we can't get any other error.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50379.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
5d23515be66904fa3b1b5d6bd72d2199cd2447ab
Fixed
c97f6d528c3f1c83a6b792a8a7928c236c80b8fe
Fixed
26b7c0ac49a3eea15559c9d84863736a6d1164b4
Fixed
47b5ffe86332af95f0f52be0a63d4da7c2b37b55
Fixed
4b996a3014ef014af8f97b60c35f5289210a4720
Fixed
0efd9dfc00d677a1d0929319a6103cb2dfc41c22
Fixed
6c22f86dd221eba0c7af645b1af73dcbc04ee27b
Fixed
331cd9461412e103d07595a10289de90004ac890

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50379.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.17.0
Fixed
4.19.262
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.220
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.150
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.75
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.19.17
Type
ECOSYSTEM
Events
Introduced
5.20.0
Fixed
6.0.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50379.json"