CVE-2022-50344

ext4: fix null-ptr-deref in ext4_write_info

Severity Score

4.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: ext4: fix null-ptr-deref in ext4_write_info I caught a null-ptr-deref bug as follows:
==================================================================
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
CPU: 1 PID: 1589 Comm: umount Not tainted 5.10.0-02219-dirty #339
RIP: 0010:ext4_write_info+0x53/0x1b0
[...]
Call Trace: dquot_writeback_dquots+0x341/0x9a0 ext4_sync_fs+0x19e/0x800 __sync_filesystem+0x83/0x100 sync_filesystem+0x89/0xf0 generic_shutdown_super+0x79/0x3e0 kill_block_super+0xa1/0x110 deactivate_locked_super+0xac/0x130 deactivate_super+0xb6/0xd0 cleanup_mnt+0x289/0x400 __cleanup_mnt+0x16/0x20 task_work_run+0x11c/0x1c0 exit_to_user_mode_prepare+0x203/0x210 syscall_exit_to_user_mode+0x5b/0x3a0 do_syscall_64+0x59/0x70 entry_SYSCALL_64_after_hwframe+0x44/0xa9 ================================================================== Above issue may happen as follows:
-------------------------------------
exit_to_user_mode_prepare task_work_run __cleanup_mnt cleanup_mnt deactivate_super deactivate_locked_super kill_block_super generic_shutdown_super shrink_dcache_for_umount dentry = sb->s_root sb->s_root = NULL <--- Here set NULL sync_filesystem __sync_filesystem sb->s_op->sync_fs > ext4_sync_fs dquot_writeback_dquots sb->dq_op->write_info > ext4_write_info ext4_journal_start(d_inode(sb->s_root), EXT4_HT_QUOTA, 2) d_inode(sb->s_root) s_root->d_inode <--- Null pointer dereference To solve this problem, we use ext4_journal_start_sb directly
to avoid s_root being used.

This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later.

*Credits: N/A

CVSS Scores

redhat-cnalrv3.1 4.7

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-09-16 CVE Reserved
2025-09-16 CVE Published
2025-09-17 CVE Updated
2025-11-23 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (11)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/dc451578446afd03c0c21913993c08898a691435	2022-10-26
https://git.kernel.org/stable/c/f4b5ff0b794aa94afac7269c494550ca2f66511b	2022-10-26
https://git.kernel.org/stable/c/947264e00c46de19a016fd81218118c708fed2f3	2022-10-26
https://git.kernel.org/stable/c/3638aa1c7d87c0ca0aef23cf58cae2c48e7daca4	2022-10-26
https://git.kernel.org/stable/c/f34ab95162763cd7352f46df169296eec28b688d	2022-10-26
https://git.kernel.org/stable/c/533c60a0b97cee5daab376933f486207e6680fb7	2022-10-26
https://git.kernel.org/stable/c/4a657319cfabd6199fd0b7b65bbebf6ded7a11c1	2022-10-24
https://git.kernel.org/stable/c/bb420e8afc854d2a1caaa23a0c129839acfb7888	2022-10-21
https://git.kernel.org/stable/c/f9c1f248607d5546075d3f731e7607d5571f2b60	2022-09-29

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-50344	2024-05-22
https://bugzilla.redhat.com/show_bug.cgi?id=2395860	2024-05-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.9.331 Search vendor "Linux" for product "Linux Kernel" and version " < 4.9.331"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.14.296 Search vendor "Linux" for product "Linux Kernel" and version " < 4.14.296"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.19.262 Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.262"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.220 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.220"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.150 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.150"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.75 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.75"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.19.17 Search vendor "Linux" for product "Linux Kernel" and version " < 5.19.17"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.0.3 Search vendor "Linux" for product "Linux Kernel" and version " < 6.0.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1"		en		Affected