CVE-2022-48712

Summary

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix error handling in ext4_fc_record_modified_inode()

Current code does not fully takes care of krealloc() error case, which could lead to silent memory corruption or a kernel bug. This patch fixes that.

Also it cleans up some duplicated error handling logic from various functions in fast_commit.c file.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 < 62e46e0ffc02daa8fcfc02f7a932cc8a19601b19affected
LinuxLinux8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 < 1b6762ecdf3cf12113772427c904aa3c420a1802affected
LinuxLinux8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 < 14aa3f49c7fc6424763f4323bfbc3a807b0727dcaffected
LinuxLinux8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 < cdce59a1549190b66f8e3fe465c2b2f714b98a94affected
LinuxLinux5.10affected
LinuxLinux0 < 5.10unaffected
LinuxLinux5.10.99 <= 5.10.*unaffected
LinuxLinux5.15.22 <= 5.15.*unaffected
LinuxLinux5.16.8 <= 5.16.*unaffected
LinuxLinux5.17 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References