CVE-2022-50300
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix extent map use-after-free when handling missing device in read_one_chunk
Store the error code before freeing the extent_map. Though it's reference counted structure, in that function it's the first and last allocation so this would lead to a potential use-after-free.
The error can happen eg. when chunk is stored on a missing device and the degraded mount option is missing.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=216721
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | adfb69af7d8cb6a3958f75aad1ef4bc96891d116 < b8e7ed42bc3ca0d0e4191ee394d34962d3624c22 | affected |
| Linux | Linux | adfb69af7d8cb6a3958f75aad1ef4bc96891d116 < fce3713197ebba239e1c7e02174ed216ea1ee014 | affected |
| Linux | Linux | adfb69af7d8cb6a3958f75aad1ef4bc96891d116 < 169a4cf46882974d4db6d85eb623ec898e51bbc0 | affected |
| Linux | Linux | adfb69af7d8cb6a3958f75aad1ef4bc96891d116 < 1742e1c90c3da344f3bb9b1f1309b3f47482756a | affected |
| Linux | Linux | 4.15 | affected |
| Linux | Linux | 0 < 4.15 | unaffected |
| Linux | Linux | 5.15.87 <= 5.15.* | unaffected |
| Linux | Linux | 6.0.18 <= 6.0.* | unaffected |
| Linux | Linux | 6.1.4 <= 6.1.* | unaffected |
| Linux | Linux | 6.2 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/b8e7ed42bc3ca0d0e4191ee394d34962d3624c22
- https://git.kernel.org/stable/c/fce3713197ebba239e1c7e02174ed216ea1ee014
- https://git.kernel.org/stable/c/169a4cf46882974d4db6d85eb623ec898e51bbc0
- https://git.kernel.org/stable/c/1742e1c90c3da344f3bb9b1f1309b3f47482756a
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.