In the Linux kernel, the following vulnerability has been resolved:

jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted

The following process will fail the assertion 'jh->b_frozen_data == NULL' in jbd2_journal_dirty_metadata():

jbd2_journal_commit_transaction     unlink(dir/a)
 jh->b_transaction = trans1
 jh->b_jlist = BJ_Metadata
 journal->j_running_transaction = NULL
 trans1->t_state = T_COMMIT         unlink(dir/b)
                                     handle->h_trans = trans2
                                     do_get_write_access
                                      jh->b_modified = 0
                                      jh->b_frozen_data = frozen_buffer
                                      jh->b_next_transaction = trans2
                                     jbd2_journal_dirty_metadata
                                      is_handle_aborted
                                       is_journal_aborted // return false
 --> jbd2 abort <--
 while (commit_transaction->t_buffers)
  if (is_journal_aborted)
   jbd2_journal_refile_buffer
    __jbd2_journal_refile_buffer
     WRITE_ONCE(jh->b_transaction, jh->b_next_transaction)
     WRITE_ONCE(jh->b_next_transaction, NULL)
     __jbd2_journal_file_buffer(jh, BJ_Reserved)
                                      J_ASSERT_JH(jh, jh->b_frozen_data == NULL) // assertion failure!

The reproducer (See detail in [Link]) reports:
------------[ cut here ]------------
kernel BUG at fs/jbd2/transaction.c:1629!
invalid opcode: 0000 [#1] PREEMPT SMP
CPU: 2 PID: 584 Comm: unlink Tainted: G        W 5.19.0-rc6-00115-g4a57a8400075-dirty #697
RIP: 0010:jbd2_journal_dirty_metadata+0x3c5/0x470
RSP: 0018:ffffc90000be7ce0 EFLAGS: 00010202
Call Trace:
 <TASK>
 __ext4_handle_dirty_metadata+0xa0/0x290
 ext4_handle_dirty_dirblock+0x10c/0x1d0
 ext4_delete_entry+0x104/0x200
 __ext4_unlink+0x22b/0x360
 ext4_unlink+0x275/0x390
 vfs_unlink+0x20b/0x4c0
 do_unlinkat+0x42f/0x4c0
 __x64_sys_unlink+0x37/0x50
 do_syscall_64+0x35/0x80

After the journal is aborted, __jbd2_journal_refile_buffer() is executed while holding @jh->b_state_lock, so we can fix it by moving 'is_handle_aborted()' into the area protected by @jh->b_state_lock.
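The interleaving above is a check-then-act race: the abort check runs before b_state_lock is taken, and the commit thread's refile (which does take the lock) can slip into that window. The following user-space model, added here as an illustration and not code from the kernel or from the fix, reproduces the ordering deterministically. It keeps only the fields the trace names (b_transaction, b_next_transaction, b_frozen_data, b_jlist, the abort flag) and stands in for b_state_lock with a C11 atomic flag; the "sched" hook marks the point at which the commit thread is allowed to run. J_ASSERT_JH firing is modelled as a return code rather than a crash. Everything else (struct layouts, the transaction ids, the frozen buffer) is constructed for the example.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the jbd2 state in the race (not kernel code). */
enum jlist { BJ_None, BJ_Metadata, BJ_Reserved };
struct transaction { int id; };
struct journal { bool aborted; };
struct jh {
    atomic_flag b_state_lock;            /* stand-in for jh->b_state_lock */
    struct transaction *b_transaction;
    struct transaction *b_next_transaction;
    void *b_frozen_data;
    enum jlist b_jlist;
};
struct handle { struct journal *journal; struct transaction *h_trans; };

#define ASSERT_FAILED (-1000)  /* stands in for J_ASSERT_JH firing (kernel BUG) */

static void state_lock(atomic_flag *l)   { while (atomic_flag_test_and_set(l)) { } }
static void state_unlock(atomic_flag *l) { atomic_flag_clear(l); }
static bool is_handle_aborted(const struct handle *h) { return h->journal->aborted; }

/* Commit thread after "jbd2 abort": refile the buffer onto its next
 * transaction under b_state_lock, as __jbd2_journal_refile_buffer does. */
void commit_abort_and_refile(struct journal *j, struct jh *jh)
{
    j->aborted = true;
    state_lock(&jh->b_state_lock);
    jh->b_transaction = jh->b_next_transaction;   /* now trans2 */
    jh->b_next_transaction = NULL;
    jh->b_jlist = BJ_Reserved;
    state_unlock(&jh->b_state_lock);
}

/* Tail of dirty_metadata; caller holds b_state_lock. */
static int file_as_metadata_locked(struct handle *h, struct jh *jh)
{
    if (jh->b_transaction != h->h_trans)
        return 0;   /* still owned by the committing transaction; commit refiles it */
    if (jh->b_jlist == BJ_Metadata)
        return 0;   /* fast path: already on the running transaction's list */
    if (jh->b_frozen_data != NULL)
        return ASSERT_FAILED;   /* J_ASSERT_JH(jh, jh->b_frozen_data == NULL) */
    jh->b_jlist = BJ_Metadata;
    return 0;
}

typedef void (*sched_t)(struct journal *, struct jh *);

/* Unfixed ordering: the abort check precedes the lock, so the commit thread
 * can abort and refile between the check and the use. */
int dirty_metadata_unfixed(struct handle *h, struct jh *jh, sched_t sched)
{
    if (is_handle_aborted(h))
        return -EROFS;
    if (sched) sched(h->journal, jh);          /* the race window */
    state_lock(&jh->b_state_lock);
    int ret = file_as_metadata_locked(h, jh);
    state_unlock(&jh->b_state_lock);
    return ret;
}

/* Fixed ordering: the commit thread may still run first (it needs the same
 * lock), but the abort check and the use are now atomic w.r.t. the refile. */
int dirty_metadata_fixed(struct handle *h, struct jh *jh, sched_t sched)
{
    if (sched) sched(h->journal, jh);          /* commit thread wins the lock */
    state_lock(&jh->b_state_lock);
    int ret = is_handle_aborted(h) ? -EROFS : file_as_metadata_locked(h, jh);
    state_unlock(&jh->b_state_lock);
    return ret;
}

/* State from the trace: buffer on trans1 (committing) as BJ_Metadata, a frozen
 * copy taken by do_get_write_access, trans2 queued as the next transaction. */
int run_scenario(int (*dirty)(struct handle *, struct jh *, sched_t), bool race)
{
    static char frozen_buffer[64];              /* constructed stand-in */
    struct transaction trans1 = {1}, trans2 = {2};
    struct journal journal = { .aborted = false };
    struct jh jh = { .b_state_lock = ATOMIC_FLAG_INIT, .b_transaction = &trans1,
                     .b_next_transaction = &trans2, .b_frozen_data = frozen_buffer,
                     .b_jlist = BJ_Metadata };
    struct handle handle = { .journal = &journal, .h_trans = &trans2 };
    return dirty(&handle, &jh, race ? commit_abort_and_refile : NULL);
}

int main(void)
{
    printf("unfixed, raced: %d (ASSERT_FAILED=%d)\n", run_scenario(dirty_metadata_unfixed, true), ASSERT_FAILED);
    printf("fixed,   raced: %d (-EROFS=%d)\n", run_scenario(dirty_metadata_fixed, true), -EROFS);
    printf("unfixed, no race: %d\n", run_scenario(dirty_metadata_unfixed, false));
    return 0;
}
```

The point the model makes is that moving the check is sufficient only because the refile path takes the same lock: once both the check and the list manipulation happen under b_state_lock, the committing thread either finishes the refile before the check (which then sees the aborted journal and returns -EROFS) or is held off until the handle is done with the buffer.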