CVE-2022-49274

ocfs2: fix crash when mount with quota enabled

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MITRE

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix crash when mount with quota enabled There is a reported crash when mounting ocfs2 with quota enabled. RIP: 0010:ocfs2_qinfo_lock_res_init+0x44/0x50 [ocfs2] Call Trace: ocfs2_local_read_info+0xb9/0x6f0 [ocfs2] dquot_load_quota_sb+0x216/0x470 dquot_load_quota_inode+0x85/0x100 ocfs2_enable_quotas+0xa0/0x1c0 [ocfs2] ocfs2_fill_super.cold+0xc8/0x1bf [ocfs2] mount_bdev+0x185/0x1b0 legacy_get_tree+0x27/0x40 vfs_get_tree+0x25/0xb0 path_mount+0x465/0xac0 __x64_sys_mount+0x103/0x140 It is caused by when initializing dqi_gqlock, the corresponding dqi_type
and dqi_sb are not properly initialized. This issue is introduced by commit 6c85c2c72819, which wants to avoid
accessing uninitialized variables in error cases. So make global quota
info properly initialized.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-02-26 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/6c85c2c728193d19d6a908ae9fb312d0325e65ca	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/7c5312fdb1dcfdc1951b018669af88d5d6420b31	2022-04-08
https://git.kernel.org/stable/c/01931e1c4e3de5d777253acae64c0e8fd071a1dd	2022-04-08
https://git.kernel.org/stable/c/eda31f77317647b9fbf889779ee1fb6907651865	2022-04-08
https://git.kernel.org/stable/c/de19433423c7bedabbd4f9a25f7dbc62c5e78921	2022-04-01

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 5.15.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.15.33"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 5.16.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.16.19"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 5.17.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.17.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 5.18 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.18"		en		Affected