Vulnerability in the Linux Kernel: ext4 Filesystem Handling Issues
CVE-2022-50346
What is CVE-2022-50346?
A defect in the Linux kernel's ext4 filesystem has been identified, specifically related to the ext4_rename function. The issue occurs when old.inode is not initialized correctly, leading to potential modifications of ctime and marking the inode as dirty. This mismanagement can trigger a process to expand extra_isize and allocate blocks incorrectly, which may result in warnings during inode operations. The bug was identified by Syzbot, highlighting the importance of initializing quota for old.inode prior to execution. The resolution to this vulnerability involves ensuring proper initialization in the ext4_rename function to maintain filesystem integrity and avoid unexpected behaviors.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 67f6d5a4043f3db0c6bb0e14a0d97a7be8bfb8b5
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 33fd7031d634f3b46e59f61adfbb0ea9fe514fef
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7dfb8259f66faafa68d23a261b284d2c2c67649b