{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-50435", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-09-17T14:53:07.009Z", "datePublished": "2025-10-01T11:42:12.845Z", "dateUpdated": "2025-10-01T11:42:12.845Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-10-01T11:42:12.845Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid crash when inline data creation follows DIO write\n\nWhen inode is created and written to using direct IO, there is nothing\nto clear the EXT4_STATE_MAY_INLINE_DATA flag. Thus when inode gets\ntruncated later to say 1 byte and written using normal write, we will\ntry to store the data as inline data. This confuses the code later\nbecause the inode now has both normal block and inline data allocated\nand the confusion manifests for example as:\n\nkernel BUG at fs/ext4/inode.c:2721!\ninvalid opcode: 0000 [#1] PREEMPT SMP KASAN\nCPU: 0 PID: 359 Comm: repro Not tainted 5.19.0-rc8-00001-g31ba1e3b8305-dirty #15\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.fc36 04/01/2014\nRIP: 0010:ext4_writepages+0x363d/0x3660\nRSP: 0018:ffffc90000ccf260 EFLAGS: 00010293\nRAX: ffffffff81e1abcd RBX: 0000008000000000 RCX: ffff88810842a180\nRDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000\nRBP: ffffc90000ccf650 R08: ffffffff81e17d58 R09: ffffed10222c680b\nR10: dfffe910222c680c R11: 1ffff110222c680a R12: ffff888111634128\nR13: ffffc90000ccf880 R14: 0000008410000000 R15: 0000000000000001\nFS: 00007f72635d2640(0000) GS:ffff88811b000000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000565243379180 CR3: 000000010aa74000 CR4: 0000000000150eb0\nCall Trace:\n <TASK>\n do_writepages+0x397/0x640\n filemap_fdatawrite_wbc+0x151/0x1b0\n file_write_and_wait_range+0x1c9/0x2b0\n ext4_sync_file+0x19e/0xa00\n vfs_fsync_range+0x17b/0x190\n ext4_buffered_write_iter+0x488/0x530\n ext4_file_write_iter+0x449/0x1b90\n vfs_write+0xbcd/0xf40\n ksys_write+0x198/0x2c0\n __x64_sys_write+0x7b/0x90\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n </TASK>\n\nFix the problem by clearing EXT4_STATE_MAY_INLINE_DATA when we are doing\ndirect IO write to a file."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ext4/file.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "3b31cc533665899965e351aae6cc3c3f3b9cc076", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "43ed16910af200e2fcfe16986bee1a67fba94992", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "59b108630a4987f71e1dc1dc50b8062e992b49c6", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "a22f52d883313bbfaf864669c14003f9456d4f8f", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "fb98cb61efff3b2a1964939465ccaaf906af1d4f", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "d8e4af8314df54d94cf2a541cf9c8626afe81d41", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "89db2b50469bdbccb06ab072096d9d403124abac", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "771f15782d95760cde352c8d4bfd6f2c70719568", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "4bb26f2885ac6930984ee451b952c5a6042f2c0e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ext4/file.c"], "versions": [{"version": "4.9.331", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.296", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.262", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.220", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.150", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.75", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19.17", "lessThanOrEqual": "5.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.3", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.9.331"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.14.296"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.19.262"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.4.220"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.150"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.75"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.19.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.0.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/3b31cc533665899965e351aae6cc3c3f3b9cc076"}, {"url": "https://git.kernel.org/stable/c/43ed16910af200e2fcfe16986bee1a67fba94992"}, {"url": "https://git.kernel.org/stable/c/59b108630a4987f71e1dc1dc50b8062e992b49c6"}, {"url": "https://git.kernel.org/stable/c/a22f52d883313bbfaf864669c14003f9456d4f8f"}, {"url": "https://git.kernel.org/stable/c/fb98cb61efff3b2a1964939465ccaaf906af1d4f"}, {"url": "https://git.kernel.org/stable/c/d8e4af8314df54d94cf2a541cf9c8626afe81d41"}, {"url": "https://git.kernel.org/stable/c/89db2b50469bdbccb06ab072096d9d403124abac"}, {"url": "https://git.kernel.org/stable/c/771f15782d95760cde352c8d4bfd6f2c70719568"}, {"url": "https://git.kernel.org/stable/c/4bb26f2885ac6930984ee451b952c5a6042f2c0e"}], "title": "ext4: avoid crash when inline data creation follows DIO write", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid crash when inline data creation follows DIO write\n\nWhen inode is created and written to using direct IO, there is nothing\nto clear the EXT4_STATE_MAY_INLINE_DATA flag. Thus when inode gets\ntruncated later to say 1 byte and written using normal write, we will\ntry to store the data as inline data. This confuses the code later\nbecause the inode now has both normal block and inline data allocated\nand the confusion manifests for example as:\n\nkernel BUG at fs/ext4/inode.c:2721!\ninvalid opcode: 0000 [#1] PREEMPT SMP KASAN\nCPU: 0 PID: 359 Comm: repro Not tainted 5.19.0-rc8-00001-g31ba1e3b8305-dirty #15\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.fc36 04/01/2014\nRIP: 0010:ext4_writepages+0x363d/0x3660\nRSP: 0018:ffffc90000ccf260 EFLAGS: 00010293\nRAX: ffffffff81e1abcd RBX: 0000008000000000 RCX: ffff88810842a180\nRDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000\nRBP: ffffc90000ccf650 R08: ffffffff81e17d58 R09: ffffed10222c680b\nR10: dfffe910222c680c R11: 1ffff110222c680a R12: ffff888111634128\nR13: ffffc90000ccf880 R14: 0000008410000000 R15: 0000000000000001\nFS: 00007f72635d2640(0000) GS:ffff88811b000000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000565243379180 CR3: 000000010aa74000 CR4: 0000000000150eb0\nCall Trace:\n <TASK>\n do_writepages+0x397/0x640\n filemap_fdatawrite_wbc+0x151/0x1b0\n file_write_and_wait_range+0x1c9/0x2b0\n ext4_sync_file+0x19e/0xa00\n vfs_fsync_range+0x17b/0x190\n ext4_buffered_write_iter+0x488/0x530\n ext4_file_write_iter+0x449/0x1b90\n vfs_write+0xbcd/0xf40\n ksys_write+0x198/0x2c0\n __x64_sys_write+0x7b/0x90\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n </TASK>\n\nFix the problem by clearing EXT4_STATE_MAY_INLINE_DATA when we are doing\ndirect IO write to a file."}], "id": "CVE-2022-50435", "lastModified": "2025-10-01T12:15:35.427", "metrics": {}, "published": "2025-10-01T12:15:35.427", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3b31cc533665899965e351aae6cc3c3f3b9cc076"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/43ed16910af200e2fcfe16986bee1a67fba94992"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4bb26f2885ac6930984ee451b952c5a6042f2c0e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/59b108630a4987f71e1dc1dc50b8062e992b49c6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/771f15782d95760cde352c8d4bfd6f2c70719568"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/89db2b50469bdbccb06ab072096d9d403124abac"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a22f52d883313bbfaf864669c14003f9456d4f8f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d8e4af8314df54d94cf2a541cf9c8626afe81d41"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fb98cb61efff3b2a1964939465ccaaf906af1d4f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"bugzilla": {"description": "kernel: ext4: avoid crash when inline data creation follows DIO write", "id": "2400774", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2400774"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2022-50435", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:rhivos:1", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat In-Vehicle Operating System 1"}], "public_date": "2025-10-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-50435\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50435\nhttps://lore.kernel.org/linux-cve-announce/2025100159-CVE-2022-50435-f6c4@gregkh/T"], "threat_severity": "Moderate"}

{}