{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49363", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T02:08:31.547Z", "datePublished": "2025-02-26T02:11:09.817Z", "dateUpdated": "2025-07-11T17:19:17.959Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-07-11T17:19:17.959Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on block address in f2fs_do_zero_range()\n\nAs Yanming reported in bugzilla:\n\nhttps://bugzilla.kernel.org/show_bug.cgi?id=215894\n\nI have encountered a bug in F2FS file system in kernel v5.17.\n\nI have uploaded the system call sequence as case.c, and a fuzzed image can\nbe found in google net disk\n\nThe kernel should enable CONFIG_KASAN=y and CONFIG_KASAN_INLINE=y. You can\nreproduce the bug by running the following commands:\n\nkernel BUG at fs/f2fs/segment.c:2291!\nCall Trace:\n f2fs_invalidate_blocks+0x193/0x2d0\n f2fs_fallocate+0x2593/0x4a70\n vfs_fallocate+0x2a5/0xac0\n ksys_fallocate+0x35/0x70\n __x64_sys_fallocate+0x8e/0xf0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe root cause is, after image was fuzzed, block mapping info in inode\nwill be inconsistent with SIT table, so in f2fs_fallocate(), it will cause\npanic when updating SIT with invalid blkaddr.\n\nLet's fix the issue by adding sanity check on block address before updating\nSIT table with it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/f2fs/file.c"], "versions": [{"version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4", "lessThan": "7361c9f2bd6a8f0cbb41cdea9aff04765ff23f67", "status": "affected", "versionType": "git"}, {"version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4", "lessThan": "a34d7b49894b0533222188a52e2958750f830efd", "status": "affected", "versionType": "git"}, {"version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4", "lessThan": "f2e1c38b5ac64eb1a16a89c52fb419409d12c25b", "status": "affected", "versionType": "git"}, {"version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4", "lessThan": "470493be19a5730ed432e3ac0f29a2ee7fc6c557", "status": "affected", "versionType": "git"}, {"version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4", "lessThan": "805b48b234a2803cb7daec7f158af12f0fbaefac", "status": "affected", "versionType": "git"}, {"version": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4", "lessThan": "25f8236213a91efdf708b9d77e9e51b6fc3e141c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/f2fs/file.c"], "versions": [{"version": "3.8", "status": "affected"}, {"version": "0", "lessThan": "3.8", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.198", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.121", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.46", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17.14", "lessThanOrEqual": "5.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18.3", "lessThanOrEqual": "5.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.8", "versionEndExcluding": "5.4.198"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.8", "versionEndExcluding": "5.10.121"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.8", "versionEndExcluding": "5.15.46"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.8", "versionEndExcluding": "5.17.14"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.8", "versionEndExcluding": "5.18.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.8", "versionEndExcluding": "5.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/7361c9f2bd6a8f0cbb41cdea9aff04765ff23f67"}, {"url": "https://git.kernel.org/stable/c/a34d7b49894b0533222188a52e2958750f830efd"}, {"url": "https://git.kernel.org/stable/c/f2e1c38b5ac64eb1a16a89c52fb419409d12c25b"}, {"url": "https://git.kernel.org/stable/c/470493be19a5730ed432e3ac0f29a2ee7fc6c557"}, {"url": "https://git.kernel.org/stable/c/805b48b234a2803cb7daec7f158af12f0fbaefac"}, {"url": "https://git.kernel.org/stable/c/25f8236213a91efdf708b9d77e9e51b6fc3e141c"}], "title": "f2fs: fix to do sanity check on block address in f2fs_do_zero_range()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5FBE99B-FD10-47FC-B085-61E208BD06D6", "versionEndExcluding": "5.4.198", "versionStartIncluding": "3.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "34ACD872-E5BC-401C-93D5-B357A62426E0", "versionEndExcluding": "5.10.121", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "20D41697-0E8B-4B7D-8842-F17BF2AA21E1", "versionEndExcluding": "5.15.46", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "15E2DD33-2255-4B76-9C15-04FF8CBAB252", "versionEndExcluding": "5.17.14", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E122216-2E9E-4B3E-B7B8-D575A45BA3C2", "versionEndExcluding": "5.18.3", "versionStartIncluding": "5.18", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on block address in f2fs_do_zero_range()\n\nAs Yanming reported in bugzilla:\n\nhttps://bugzilla.kernel.org/show_bug.cgi?id=215894\n\nI have encountered a bug in F2FS file system in kernel v5.17.\n\nI have uploaded the system call sequence as case.c, and a fuzzed image can\nbe found in google net disk\n\nThe kernel should enable CONFIG_KASAN=y and CONFIG_KASAN_INLINE=y. You can\nreproduce the bug by running the following commands:\n\nkernel BUG at fs/f2fs/segment.c:2291!\nCall Trace:\n f2fs_invalidate_blocks+0x193/0x2d0\n f2fs_fallocate+0x2593/0x4a70\n vfs_fallocate+0x2a5/0xac0\n ksys_fallocate+0x35/0x70\n __x64_sys_fallocate+0x8e/0xf0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe root cause is, after image was fuzzed, block mapping info in inode\nwill be inconsistent with SIT table, so in f2fs_fallocate(), it will cause\npanic when updating SIT with invalid blkaddr.\n\nLet's fix the issue by adding sanity check on block address before updating\nSIT table with it."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: correcci\u00f3n para realizar una comprobaci\u00f3n de cordura en la direcci\u00f3n de bloque en f2fs_do_zero_range() Como inform\u00f3 Yanming en bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215894 He encontrado un error en el sistema de archivos F2FS en el kernel v5.17. He subido la secuencia de llamada del sistema como case.c, y se puede encontrar una imagen difusa en google net disk El kernel debe habilitar CONFIG_KASAN=y y CONFIG_KASAN_INLINE=y. Puede reproducir el error ejecutando los siguientes comandos: kernel BUG at fs/f2fs/segment.c:2291! Rastreo de llamadas: f2fs_invalidate_blocks+0x193/0x2d0 f2fs_fallocate+0x2593/0x4a70 vfs_fallocate+0x2a5/0xac0 ksys_fallocate+0x35/0x70 __x64_sys_fallocate+0x8e/0xf0 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae La causa ra\u00edz es que, despu\u00e9s de que se realiz\u00f3 el an\u00e1lisis difuso de la imagen, la informaci\u00f3n de mapeo de bloques en el inodo ser\u00e1 inconsistente con la tabla SIT, por lo que en f2fs_fallocate(), causar\u00e1 p\u00e1nico al actualizar SIT con blkaddr no v\u00e1lido. Solucionemos el problema agregando una verificaci\u00f3n de cordura en la direcci\u00f3n del bloque antes de actualizar la tabla SIT con ella."}], "id": "CVE-2022-49363", "lastModified": "2025-10-21T12:16:43.710", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-26T07:01:12.953", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/25f8236213a91efdf708b9d77e9e51b6fc3e141c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/470493be19a5730ed432e3ac0f29a2ee7fc6c557"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7361c9f2bd6a8f0cbb41cdea9aff04765ff23f67"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/805b48b234a2803cb7daec7f158af12f0fbaefac"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a34d7b49894b0533222188a52e2958750f830efd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f2e1c38b5ac64eb1a16a89c52fb419409d12c25b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: f2fs: fix to do sanity check on block address in f2fs_do_zero_range()", "id": "2348162", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348162"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nf2fs: fix to do sanity check on block address in f2fs_do_zero_range()\nAs Yanming reported in bugzilla:\nhttps://bugzilla.kernel.org/show_bug.cgi?id=215894\nI have encountered a bug in F2FS file system in kernel v5.17.\nI have uploaded the system call sequence as case.c, and a fuzzed image can\nbe found in google net disk\nThe kernel should enable CONFIG_KASAN=y and CONFIG_KASAN_INLINE=y. You can\nreproduce the bug by running the following commands:\nkernel BUG at fs/f2fs/segment.c:2291!\nCall Trace:\nf2fs_invalidate_blocks+0x193/0x2d0\nf2fs_fallocate+0x2593/0x4a70\nvfs_fallocate+0x2a5/0xac0\nksys_fallocate+0x35/0x70\n__x64_sys_fallocate+0x8e/0xf0\ndo_syscall_64+0x3b/0x90\nentry_SYSCALL_64_after_hwframe+0x44/0xae\nThe root cause is, after image was fuzzed, block mapping info in inode\nwill be inconsistent with SIT table, so in f2fs_fallocate(), it will cause\npanic when updating SIT with invalid blkaddr.\nLet's fix the issue by adding sanity check on block address before updating\nSIT table with it."], "name": "CVE-2022-49363", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49363\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49363\nhttps://lore.kernel.org/linux-cve-announce/2025022644-CVE-2022-49363-a93a@gregkh/T"], "threat_severity": "Low"}

{"created": "2025-07-13T11:22:31.331816+00:00", "updated": "2025-07-13T11:22:31.331890+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}