CVE-2022-50217

Summary

In the Linux kernel, the following vulnerability has been resolved:

fuse: write inode in fuse_release()

A race between write(2) and close(2) allows pages to be dirtied after fuse_flush -> write_inode_now(). If these pages are not flushed from fuse_release(), then there might not be a writable open file later. So any remaining dirty pages must be written back before the file is released.

This is a partial revert of the blamed commit.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux36ea23374d1f7b6a9d96a2b61d38830fdf23e45d < 5ccb0420b7c9334ab8122037847101931b899301affected
LinuxLinux36ea23374d1f7b6a9d96a2b61d38830fdf23e45d < 4bd9d5d20f344d015422969302d12653c903c271affected
LinuxLinux36ea23374d1f7b6a9d96a2b61d38830fdf23e45d < 035ff33cf4db101250fb980a3941bf078f37a544affected
LinuxLinux5.16affected
LinuxLinux0 < 5.16unaffected
LinuxLinux5.18.18 <= 5.18.*unaffected
LinuxLinux5.19.2 <= 5.19.*unaffected
LinuxLinux6.0 <= *unaffected

Weaknesses

References