CVE-2022-49425

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix dereference of stale list iterator after loop body The list iterator variable will be a bogus pointer if no break was hit. Dereferencing it (cur->page in this case) could load an out-of-bounds/undefined value making it unsafe to use that in the comparision to determine if the specific element was found. Since 'cur->page' *can* be out-ouf-bounds it cannot be guaranteed that by chance (or intention of an attacker) it matches the value of 'page' even though the correct element was not found. This is fixed by using a separate list iterator variable for the loop and only setting the original variable if a suitable element was found. Then determing if the element was found is simply checking if the variable is set.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/2aaf51dd39afb6d01d13f1e6fe20b684733b37d5	Patch
https://git.kernel.org/stable/c/385edd3ce5b4b1e9d31f474a5e35a39779ec1110	Patch
https://git.kernel.org/stable/c/45b2b7d7108ae1e25a5036cab04ab9273e792332	Patch
https://git.kernel.org/stable/c/51d584704d18e60fa473823654f35611c777b291	Patch
https://git.kernel.org/stable/c/5e47a7add3dda7f236548c5ec3017776dc2a729f	Patch
https://git.kernel.org/stable/c/b26e1c777890e4b938136deb8ec07a29f33862e4	Patch
https://git.kernel.org/stable/c/ed7efc472c00986dcd6903ab6ed165c7fa167674	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2025-02-26 07:01

Updated : 2025-10-22 17:28

NVD link : CVE-2022-49425

Mitre link : CVE-2022-49425

CVE.ORG link : CVE-2022-49425

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2022-49425", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-02-26T07:01:18.977", "references": [{"url": "https://git.kernel.org/stable/c/2aaf51dd39afb6d01d13f1e6fe20b684733b37d5", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/385edd3ce5b4b1e9d31f474a5e35a39779ec1110", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/45b2b7d7108ae1e25a5036cab04ab9273e792332", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/51d584704d18e60fa473823654f35611c777b291", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5e47a7add3dda7f236548c5ec3017776dc2a729f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b26e1c777890e4b938136deb8ec07a29f33862e4", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ed7efc472c00986dcd6903ab6ed165c7fa167674", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix dereference of stale list iterator after loop body\n\nThe list iterator variable will be a bogus pointer if no break was hit.\nDereferencing it (cur->page in this case) could load an out-of-bounds/undefined\nvalue making it unsafe to use that in the comparision to determine if the\nspecific element was found.\n\nSince 'cur->page' *can* be out-ouf-bounds it cannot be guaranteed that\nby chance (or intention of an attacker) it matches the value of 'page'\neven though the correct element was not found.\n\nThis is fixed by using a separate list iterator variable for the loop\nand only setting the original variable if a suitable element was found.\nThen determing if the element was found is simply checking if the\nvariable is set."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: se corrige la desreferencia del iterador de lista obsoleto despu\u00e9s del cuerpo del bucle La variable del iterador de lista ser\u00e1 un puntero falso si no se alcanz\u00f3 ninguna interrupci\u00f3n. Desreferenciarlo (cur->page en este caso) podr\u00eda cargar un valor fuera de los l\u00edmites/indefinido, lo que hace que no sea seguro usarlo en la comparaci\u00f3n para determinar si se encontr\u00f3 el elemento espec\u00edfico. Dado que 'cur->page' *puede* estar fuera de los l\u00edmites, no se puede garantizar que por casualidad (o intenci\u00f3n de un atacante) coincida con el valor de 'page' aunque no se haya encontrado el elemento correcto. Esto se soluciona utilizando una variable de iterador de lista separada para el bucle y solo configurando la variable original si se encontr\u00f3 un elemento adecuado. Luego, determinar si se encontr\u00f3 el elemento es simplemente verificar si la variable est\u00e1 configurada."}], "lastModified": "2025-10-22T17:28:28.603", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14D48FB4-4920-47B2-961A-E24AFEC157E4", "versionEndExcluding": "4.19.247", "versionStartIncluding": "4.12"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EC49633-14DE-4EBD-BB80-76AE2E3EABB9", "versionEndExcluding": "5.4.198", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34ACD872-E5BC-401C-93D5-B357A62426E0", "versionEndExcluding": "5.10.121", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20D41697-0E8B-4B7D-8842-F17BF2AA21E1", "versionEndExcluding": "5.15.46", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15E2DD33-2255-4B76-9C15-04FF8CBAB252", "versionEndExcluding": "5.17.14", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E122216-2E9E-4B3E-B7B8-D575A45BA3C2", "versionEndExcluding": "5.18.3", "versionStartIncluding": "5.18"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}