CVE-2022-50205

Summary

In the Linux kernel, the following vulnerability has been resolved:

ext2: Add more validity checks for inode counts

Add checks verifying number of inodes stored in the superblock matches the number computed from number of inodes per group. Also verify we have at least one block worth of inodes per group. This prevents crashes on corrupted filesystems.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0bcdc31094a12b4baf59e241feabc9787cf635faaffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 07303a9abe3a997d9864fb4315e34b5acfe8fc25affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < b3f423683818cfe15de14d5d9dff44148ff16bbfaffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < d08bb199a406424a8ed0009efdf41710e6d849eeaffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 96b18d3a1be0354ccce43f0ef61b5a3d7e432552affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7a48fdc88a3c35e046a6a0a38eba00f21c65b16eaffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5e63c5fe9123fa76ffaeff26c211308736ec3a07affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < fa78f336937240d1bc598db817d638086060e7e9affected
LinuxLinux2.6.12affected
LinuxLinux0 < 2.6.12unaffected
LinuxLinux4.14.291 <= 4.14.*unaffected
LinuxLinux4.19.256 <= 4.19.*unaffected
LinuxLinux5.4.211 <= 5.4.*unaffected
LinuxLinux5.10.137 <= 5.10.*unaffected
LinuxLinux5.15.61 <= 5.15.*unaffected
LinuxLinux5.18.18 <= 5.18.*unaffected
LinuxLinux5.19.2 <= 5.19.*unaffected
LinuxLinux6.0 <= *unaffected

Weaknesses

References