CVE-2022-50436

Summary

In the Linux kernel, the following vulnerability has been resolved:

ext4: don't set up encryption key during jbd2 transaction

Commit a80f7fcf1867 ("ext4: fixup ext4_fc_track_* functions' signature") extended the scope of the transaction in ext4_unlink() too far, making it include the call to ext4_find_entry(). However, ext4_find_entry() can deadlock when called from within a transaction because it may need to set up the directory's encryption key.

Fix this by restoring the transaction to its original scope.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa80f7fcf18672ae4971a6b713b58c0d389aa99fe < 23ad034760dd38e12b0e0e1b28b9629f330810a1affected
LinuxLinuxa80f7fcf18672ae4971a6b713b58c0d389aa99fe < 6220ec405571ded17efedc56587190b542adf246affected
LinuxLinuxa80f7fcf18672ae4971a6b713b58c0d389aa99fe < 206dd3acfb9bca54a25b228c7c7c2257eedde09baffected
LinuxLinuxa80f7fcf18672ae4971a6b713b58c0d389aa99fe < 1ba993208bcfd691e241483420a2a761d3f15750affected
LinuxLinuxa80f7fcf18672ae4971a6b713b58c0d389aa99fe < 4c0d5778385cb3618ff26a561ce41de2b7d9de70affected
LinuxLinux5.10affected
LinuxLinux0 < 5.10unaffected
LinuxLinux5.10.163 <= 5.10.*unaffected
LinuxLinux5.15.87 <= 5.15.*unaffected
LinuxLinux6.0.18 <= 6.0.*unaffected
LinuxLinux6.1.4 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

References