CVE-2022-49739

In the Linux kernel, the following vulnerability has been resolved: gfs2: Always check inode size of inline inodes Check if the inode size of stuffed (inline) inodes is within the allowed range when reading inodes from disk (gfs2_dinode_in()). This prevents us from on-disk corruption. The two checks in stuffed_readpage() and gfs2_unstuffer_page() that just truncate inline data to the maximum allowed size don't actually make sense, and they can be removed now as well.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/45df749f827c286adbc951f2a4865b67f0442ba9	Patch
https://git.kernel.org/stable/c/46c9088cabd4d0469fdb61ac2a9c5003057fe94d	Patch
https://git.kernel.org/stable/c/4d4cb76636134bf9a0c9c3432dae936f99954586	Patch
https://git.kernel.org/stable/c/70376c7ff31221f1d21db5611d8209e677781d3a	Patch
https://git.kernel.org/stable/c/7c414f6f06e9a3934901b6edc3177ae5a1e07094	Patch
https://git.kernel.org/stable/c/d458a0984429c2d47e60254f5bc4119cbafe83a2	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2025-03-27 17:15

Updated : 2025-10-30 15:36

NVD link : CVE-2022-49739

Mitre link : CVE-2022-49739

CVE.ORG link : CVE-2022-49739

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-49739", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-03-27T17:15:38.460", "references": [{"url": "https://git.kernel.org/stable/c/45df749f827c286adbc951f2a4865b67f0442ba9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/46c9088cabd4d0469fdb61ac2a9c5003057fe94d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/4d4cb76636134bf9a0c9c3432dae936f99954586", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/70376c7ff31221f1d21db5611d8209e677781d3a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7c414f6f06e9a3934901b6edc3177ae5a1e07094", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d458a0984429c2d47e60254f5bc4119cbafe83a2", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Always check inode size of inline inodes\n\nCheck if the inode size of stuffed (inline) inodes is within the allowed\nrange when reading inodes from disk (gfs2_dinode_in()). This prevents\nus from on-disk corruption.\n\nThe two checks in stuffed_readpage() and gfs2_unstuffer_page() that just\ntruncate inline data to the maximum allowed size don't actually make\nsense, and they can be removed now as well."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gfs2: Comprobar siempre el tama\u00f1o de los inodos en l\u00ednea. Se comprueba si el tama\u00f1o de los inodos rellenos (en l\u00ednea) est\u00e1 dentro del rango permitido al leer inodos del disco (gfs2_dinode_in()). Esto evita la corrupci\u00f3n en disco. Las dos comprobaciones en stuffed_readpage() y gfs2_unstuffer_page(), que simplemente truncan los datos en l\u00ednea al tama\u00f1o m\u00e1ximo permitido, no tienen sentido y tambi\u00e9n se pueden eliminar."}], "lastModified": "2025-10-30T15:36:58.517", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4B4DFEC-E739-4EBC-945F-0269BB721A1A", "versionEndExcluding": "4.19.280"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C5F51A3-AEBF-4E51-AA58-D8C8B4554A86", "versionEndExcluding": "5.4.240", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FED8369-E7A1-48C6-9700-6ADEDEC371F7", "versionEndExcluding": "5.10.177", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98FAC10E-42A0-4372-B1A0-A49CF672890E", "versionEndExcluding": "5.15.93", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "535D03F4-DA02-49FE-934E-668827E6407B", "versionEndExcluding": "6.1.11", "versionStartIncluding": "5.16"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}