{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49425", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T02:08:31.569Z", "datePublished": "2025-02-26T02:12:46.702Z", "dateUpdated": "2025-05-04T08:37:23.852Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:37:23.852Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix dereference of stale list iterator after loop body\n\nThe list iterator variable will be a bogus pointer if no break was hit.\nDereferencing it (cur->page in this case) could load an out-of-bounds/undefined\nvalue making it unsafe to use that in the comparision to determine if the\nspecific element was found.\n\nSince 'cur->page' *can* be out-ouf-bounds it cannot be guaranteed that\nby chance (or intention of an attacker) it matches the value of 'page'\neven though the correct element was not found.\n\nThis is fixed by using a separate list iterator variable for the loop\nand only setting the original variable if a suitable element was found.\nThen determing if the element was found is simply checking if the\nvariable is set."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/f2fs/segment.c"], "versions": [{"version": "8c242db9b8c01b252290e23827163787f07e01d1", "lessThan": "385edd3ce5b4b1e9d31f474a5e35a39779ec1110", "status": "affected", "versionType": "git"}, {"version": "8c242db9b8c01b252290e23827163787f07e01d1", "lessThan": "5e47a7add3dda7f236548c5ec3017776dc2a729f", "status": "affected", "versionType": "git"}, {"version": "8c242db9b8c01b252290e23827163787f07e01d1", "lessThan": "51d584704d18e60fa473823654f35611c777b291", "status": "affected", "versionType": "git"}, {"version": "8c242db9b8c01b252290e23827163787f07e01d1", "lessThan": "45b2b7d7108ae1e25a5036cab04ab9273e792332", "status": "affected", "versionType": "git"}, {"version": "8c242db9b8c01b252290e23827163787f07e01d1", "lessThan": "b26e1c777890e4b938136deb8ec07a29f33862e4", "status": "affected", "versionType": "git"}, {"version": "8c242db9b8c01b252290e23827163787f07e01d1", "lessThan": "ed7efc472c00986dcd6903ab6ed165c7fa167674", "status": "affected", "versionType": "git"}, {"version": "8c242db9b8c01b252290e23827163787f07e01d1", "lessThan": "2aaf51dd39afb6d01d13f1e6fe20b684733b37d5", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/f2fs/segment.c"], "versions": [{"version": "4.12", "status": "affected"}, {"version": "0", "lessThan": "4.12", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.247", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.198", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.121", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.46", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17.14", "lessThanOrEqual": "5.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18.3", "lessThanOrEqual": "5.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "4.19.247"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "5.4.198"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "5.10.121"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "5.15.46"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "5.17.14"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "5.18.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "5.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/385edd3ce5b4b1e9d31f474a5e35a39779ec1110"}, {"url": "https://git.kernel.org/stable/c/5e47a7add3dda7f236548c5ec3017776dc2a729f"}, {"url": "https://git.kernel.org/stable/c/51d584704d18e60fa473823654f35611c777b291"}, {"url": "https://git.kernel.org/stable/c/45b2b7d7108ae1e25a5036cab04ab9273e792332"}, {"url": "https://git.kernel.org/stable/c/b26e1c777890e4b938136deb8ec07a29f33862e4"}, {"url": "https://git.kernel.org/stable/c/ed7efc472c00986dcd6903ab6ed165c7fa167674"}, {"url": "https://git.kernel.org/stable/c/2aaf51dd39afb6d01d13f1e6fe20b684733b37d5"}], "title": "f2fs: fix dereference of stale list iterator after loop body", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "14D48FB4-4920-47B2-961A-E24AFEC157E4", "versionEndExcluding": "4.19.247", "versionStartIncluding": "4.12", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EC49633-14DE-4EBD-BB80-76AE2E3EABB9", "versionEndExcluding": "5.4.198", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "34ACD872-E5BC-401C-93D5-B357A62426E0", "versionEndExcluding": "5.10.121", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "20D41697-0E8B-4B7D-8842-F17BF2AA21E1", "versionEndExcluding": "5.15.46", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "15E2DD33-2255-4B76-9C15-04FF8CBAB252", "versionEndExcluding": "5.17.14", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E122216-2E9E-4B3E-B7B8-D575A45BA3C2", "versionEndExcluding": "5.18.3", "versionStartIncluding": "5.18", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix dereference of stale list iterator after loop body\n\nThe list iterator variable will be a bogus pointer if no break was hit.\nDereferencing it (cur->page in this case) could load an out-of-bounds/undefined\nvalue making it unsafe to use that in the comparision to determine if the\nspecific element was found.\n\nSince 'cur->page' *can* be out-ouf-bounds it cannot be guaranteed that\nby chance (or intention of an attacker) it matches the value of 'page'\neven though the correct element was not found.\n\nThis is fixed by using a separate list iterator variable for the loop\nand only setting the original variable if a suitable element was found.\nThen determing if the element was found is simply checking if the\nvariable is set."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: se corrige la desreferencia del iterador de lista obsoleto despu\u00e9s del cuerpo del bucle La variable del iterador de lista ser\u00e1 un puntero falso si no se alcanz\u00f3 ninguna interrupci\u00f3n. Desreferenciarlo (cur->page en este caso) podr\u00eda cargar un valor fuera de los l\u00edmites/indefinido, lo que hace que no sea seguro usarlo en la comparaci\u00f3n para determinar si se encontr\u00f3 el elemento espec\u00edfico. Dado que 'cur->page' *puede* estar fuera de los l\u00edmites, no se puede garantizar que por casualidad (o intenci\u00f3n de un atacante) coincida con el valor de 'page' aunque no se haya encontrado el elemento correcto. Esto se soluciona utilizando una variable de iterador de lista separada para el bucle y solo configurando la variable original si se encontr\u00f3 un elemento adecuado. Luego, determinar si se encontr\u00f3 el elemento es simplemente verificar si la variable est\u00e1 configurada."}], "id": "CVE-2022-49425", "lastModified": "2025-10-22T17:28:28.603", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-26T07:01:18.977", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2aaf51dd39afb6d01d13f1e6fe20b684733b37d5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/385edd3ce5b4b1e9d31f474a5e35a39779ec1110"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/45b2b7d7108ae1e25a5036cab04ab9273e792332"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/51d584704d18e60fa473823654f35611c777b291"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5e47a7add3dda7f236548c5ec3017776dc2a729f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b26e1c777890e4b938136deb8ec07a29f33862e4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ed7efc472c00986dcd6903ab6ed165c7fa167674"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: f2fs: fix dereference of stale list iterator after loop body", "id": "2347696", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347696"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nf2fs: fix dereference of stale list iterator after loop body\nThe list iterator variable will be a bogus pointer if no break was hit.\nDereferencing it (cur->page in this case) could load an out-of-bounds/undefined\nvalue making it unsafe to use that in the comparision to determine if the\nspecific element was found.\nSince 'cur->page' *can* be out-ouf-bounds it cannot be guaranteed that\nby chance (or intention of an attacker) it matches the value of 'page'\neven though the correct element was not found.\nThis is fixed by using a separate list iterator variable for the loop\nand only setting the original variable if a suitable element was found.\nThen determing if the element was found is simply checking if the\nvariable is set."], "name": "CVE-2022-49425", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49425\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49425\nhttps://lore.kernel.org/linux-cve-announce/2025022655-CVE-2022-49425-05aa@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-07-13T21:07:28.787966+00:00", "updated": "2025-07-13T21:07:28.788044+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}