Use-After-Free Vulnerability in Linux Kernel's JBD2 Component
CVE-2022-50328
Currently unrated
What is CVE-2022-50328?
A vulnerability in the JBD2 subsystem of the Linux kernel may lead to a use-after-free condition. In the function 'jbd2_fc_wait_bufs', the code uses the 'bh' variable after its buffer head reference has been released. This could expose a system to security risks when the buffer head reference count is not handled correctly. Checking the buffer's uptodate status before modifying the reference count mitigates this risk.
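The ordering problem described above, modelled in userspace C as an added example (not kernel source and not the upstream patch). The 'model_bh' type and every function name are hypothetical, and a 'released' flag stands in for freed memory so the stale access can be counted without touching freed memory.

```c
#include <stdbool.h>
#include <stdio.h>
/* Hypothetical userspace stand-in for a refcounted buffer head. */
struct model_bh { int refcount; bool uptodate; bool released; };
static int stale_reads; /* reads made after the last reference was dropped */

static void model_put(struct model_bh *bh)
{
    bh->released = (--bh->refcount == 0); /* memory may be reused from here */
}

static bool model_uptodate(const struct model_bh *bh)
{
    stale_reads += bh->released; /* counts reads in the use-after-free window */
    return bh->uptodate;
}

/* Flawed order: reference dropped first, bh inspected afterwards. */
static int wait_bufs_flawed(struct model_bh **wbuf, int n)
{
    for (int i = n - 1; i >= 0; i--) {
        model_put(wbuf[i]);
        if (!model_uptodate(wbuf[i]))
            return -1;
    }
    return 0;
}

/* Corrected order: inspect bh while the reference is still held. */
static int wait_bufs_checked(struct model_bh **wbuf, int n)
{
    for (int i = n - 1; i >= 0; i--) {
        if (!model_uptodate(wbuf[i]))
            return -1; /* reference is still held on this path */
        model_put(wbuf[i]);
    }
    return 0;
}

/* Runs one ordering over two constructed buffers; returns the stale reads. */
static int stale_reads_for(bool checked)
{
    struct model_bh a = {1, true, false}, b = {1, true, false};
    struct model_bh *wbuf[] = {&a, &b};
    stale_reads = 0;
    (checked ? wait_bufs_checked : wait_bufs_flawed)(wbuf, 2);
    return stale_reads;
}

int main(void)
{
    return printf("flawed=%d checked=%d\n", stale_reads_for(false), stale_reads_for(true)) < 0;
}
```

In a real kernel the stale read is silent unless a memory-error detector such as KASAN is enabled, which is why the ordering has to be caught in review.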
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1d4d16daec2a6689b6d3fbfc7d2078643adc6619
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2e6d9f381c1ed844531a577783fc352de7a44c8a