CVE - CVE-2022-49349

CVE-ID
CVE-2022-49349	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4_rename_dir_prepare We got issue as follows: EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue ext4_get_first_dir_block: bh->b_data=0xffff88810bee6000 len=34478 ext4_get_first_dir_block: *parent_de=0xffff88810beee6ae bh->b_data=0xffff88810bee6000 ext4_rename_dir_prepare: [1] parent_de=0xffff88810beee6ae ================================================================== BUG: KASAN: use-after-free in ext4_rename_dir_prepare+0x152/0x220 Read of size 4 at addr ffff88810beee6ae by task rep/1895 CPU: 13 PID: 1895 Comm: rep Not tainted 5.10.0+ #241 Call Trace: dump_stack+0xbe/0xf9 print_address_description.constprop.0+0x1e/0x220 kasan_report.cold+0x37/0x7f ext4_rename_dir_prepare+0x152/0x220 ext4_rename+0xf44/0x1ad0 ext4_rename2+0x11c/0x170 vfs_rename+0xa84/0x1440 do_renameat2+0x683/0x8f0 __x64_sys_renameat+0x53/0x60 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f45a6fc41c9 RSP: 002b:00007ffc5a470218 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f45a6fc41c9 RDX: 0000000000000005 RSI: 0000000020000180 RDI: 0000000000000005 RBP: 00007ffc5a470240 R08: 00007ffc5a470160 R09: 0000000020000080 R10: 00000000200001c0 R11: 0000000000000246 R12: 0000000000400bb0 R13: 00007ffc5a470320 R14: 0000000000000000 R15: 0000000000000000 The buggy address belongs to the page: page:00000000440015ce refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x10beee flags: 0x200000000000000() raw: 0200000000000000 ffffea00043ff4c8 ffffea0004325608 0000000000000000 raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff88810beee580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff88810beee600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff88810beee680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff88810beee700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff88810beee780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ================================================================== Disabling lock debugging due to kernel taint ext4_rename_dir_prepare: [2] parent_de->inode=3537895424 ext4_rename_dir_prepare: [3] dir=0xffff888124170140 ext4_rename_dir_prepare: [4] ino=2 ext4_rename_dir_prepare: ent->dir->i_ino=2 parent=-757071872 Reason is first directory entry which 'rec_len' is 34478, then will get illegal parent entry. Now, we do not check directory entry after read directory block in 'ext4_get_first_dir_block'. To solve this issue, check directory entry in 'ext4_get_first_dir_block'. [ Trigger an ext4_error() instead of just warning if the directory is missing a '.' or '..' entry. Also make sure we return an error code if the file system is corrupted. -TYT ]
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/0be698ecbe4471fcad80e81ec6a05001421041b3 URL:https://git.kernel.org/stable/c/0be698ecbe4471fcad80e81ec6a05001421041b3 MISC:https://git.kernel.org/stable/c/0ff38b99fa075ddd246487a28cb9af049f4ceef1 URL:https://git.kernel.org/stable/c/0ff38b99fa075ddd246487a28cb9af049f4ceef1 MISC:https://git.kernel.org/stable/c/10801095224de0d0ab06ae60698680c1f883a3ae URL:https://git.kernel.org/stable/c/10801095224de0d0ab06ae60698680c1f883a3ae MISC:https://git.kernel.org/stable/c/1a3a15bf6f9963d755270cbdb282863b84839195 URL:https://git.kernel.org/stable/c/1a3a15bf6f9963d755270cbdb282863b84839195 MISC:https://git.kernel.org/stable/c/364380c00912bed9b5d99eb485018360b0ecf64f URL:https://git.kernel.org/stable/c/364380c00912bed9b5d99eb485018360b0ecf64f MISC:https://git.kernel.org/stable/c/4a2bea60cf7ff957b3eda0b17750d483876a02fa URL:https://git.kernel.org/stable/c/4a2bea60cf7ff957b3eda0b17750d483876a02fa MISC:https://git.kernel.org/stable/c/97f802a652a749422dede32071d29a53cf4bd034 URL:https://git.kernel.org/stable/c/97f802a652a749422dede32071d29a53cf4bd034 MISC:https://git.kernel.org/stable/c/dd887f83ea54aea5b780a84527e23ab95f777fed URL:https://git.kernel.org/stable/c/dd887f83ea54aea5b780a84527e23ab95f777fed MISC:https://git.kernel.org/stable/c/eaecf7ebfd5dd09038a80b14be46b844f54cfc5c URL:https://git.kernel.org/stable/c/eaecf7ebfd5dd09038a80b14be46b844f54cfc5c
Assigning CNA
kernel.org
Date Record Created
20250226	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250226)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)