CVE-2022-50277
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-15

Last updated on: 2025-12-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ext4: don't allow journal inode to have encrypt flag Mounting a filesystem whose journal inode has the encrypt flag causes a NULL dereference in fscrypt_limit_io_blocks() when the 'inlinecrypt' mount option is used. The problem is that when jbd2_journal_init_inode() calls bmap(), it eventually finds its way into ext4_iomap_begin(), which calls fscrypt_limit_io_blocks(). fscrypt_limit_io_blocks() requires that if the inode is encrypted, then its encryption key must already be set up. That's not the case here, since the journal inode is never "opened" like a normal file would be. Hence the crash. A reproducer is: mkfs.ext4 -F /dev/vdb debugfs -w /dev/vdb -R "set_inode_field <8> flags 0x80808" mount /dev/vdb /mnt -o inlinecrypt To fix this, make ext4 consider journal inodes with the encrypt flag to be invalid. (Note, maybe other flags should be rejected on the journal inode too. For now, this is just the minimal fix for the above issue.) I've marked this as fixing the commit that introduced the call to fscrypt_limit_io_blocks(), since that's what made an actual crash start being possible. But this fix could be applied to any version of ext4 that supports the encrypt feature.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-15
Last Modified
2025-12-03
Generated
2026-05-07
AI Q&A
2025-09-15
EPSS Evaluated
2026-05-05
NVD
CVE-2022-50277
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.18 (inc) to 6.0.18 (exc)
linux linux_kernel From 6.1 (inc) to 6.1.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's ext4 filesystem when mounting a filesystem whose journal inode has the encrypt flag set and the 'inlinecrypt' mount option is used. The issue causes a NULL pointer dereference in the function fscrypt_limit_io_blocks() because the journal inode is not properly initialized with an encryption key as a normal file would be. This leads to a crash when the kernel tries to handle the encrypted journal inode incorrectly.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash (NULL pointer dereference) when mounting an ext4 filesystem with an encrypted journal inode and the 'inlinecrypt' option. This can lead to system instability or denial of service due to the kernel crash.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that your ext4 filesystem does not have the journal inode with the encrypt flag set. Avoid mounting ext4 filesystems with the 'inlinecrypt' option if the journal inode is improperly flagged. Applying the patch or update that rejects journal inodes with the encrypt flag is recommended to prevent the NULL dereference crash.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart