DEBIAN-CVE-2022-50344

Source
https://security-tracker.debian.org/tracker/CVE-2022-50344
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50344.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2022-50344
Upstream
Published
2025-09-16T17:15:34Z
Modified
2025-09-30T05:18:41.624423Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved: ext4: fix null-ptr-deref in ext4writeinfo I caught a null-ptr-deref bug as follows: ================================================================== KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f] CPU: 1 PID: 1589 Comm: umount Not tainted 5.10.0-02219-dirty #339 RIP: 0010:ext4writeinfo+0x53/0x1b0 [...] Call Trace: dquotwritebackdquots+0x341/0x9a0 ext4syncfs+0x19e/0x800 _syncfilesystem+0x83/0x100 syncfilesystem+0x89/0xf0 genericshutdownsuper+0x79/0x3e0 killblocksuper+0xa1/0x110 deactivatelockedsuper+0xac/0x130 deactivatesuper+0xb6/0xd0 cleanupmnt+0x289/0x400 _cleanupmnt+0x16/0x20 taskworkrun+0x11c/0x1c0 exittousermodeprepare+0x203/0x210 syscallexittousermode+0x5b/0x3a0 dosyscall64+0x59/0x70 entrySYSCALL64afterhwframe+0x44/0xa9 ================================================================== Above issue may happen as follows: ------------------------------------- exittousermodeprepare taskworkrun _cleanupmnt cleanupmnt deactivatesuper deactivatelockedsuper killblocksuper genericshutdownsuper shrinkdcacheforumount dentry = sb->sroot sb->sroot = NULL <--- Here set NULL syncfilesystem _syncfilesystem sb->sop->syncfs > ext4syncfs dquotwritebackdquots sb->dqop->writeinfo > ext4writeinfo ext4journalstart(dinode(sb->sroot), EXT4HTQUOTA, 2) dinode(sb->sroot) sroot->dinode <--- Null pointer dereference To solve this problem, we use ext4journalstartsb directly to avoid s_root being used.

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.158-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1
5.10.127-1
5.10.127-2~bpo10+1
5.10.127-2
5.10.136-1
5.10.140-1
5.10.148-1
5.10.149-1
5.10.149-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}