CVE-2022-50344
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-16

Last updated on: 2025-12-01

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ext4: fix null-ptr-deref in ext4_write_info I caught a null-ptr-deref bug as follows: ================================================================== KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f] CPU: 1 PID: 1589 Comm: umount Not tainted 5.10.0-02219-dirty #339 RIP: 0010:ext4_write_info+0x53/0x1b0 [...] Call Trace: dquot_writeback_dquots+0x341/0x9a0 ext4_sync_fs+0x19e/0x800 __sync_filesystem+0x83/0x100 sync_filesystem+0x89/0xf0 generic_shutdown_super+0x79/0x3e0 kill_block_super+0xa1/0x110 deactivate_locked_super+0xac/0x130 deactivate_super+0xb6/0xd0 cleanup_mnt+0x289/0x400 __cleanup_mnt+0x16/0x20 task_work_run+0x11c/0x1c0 exit_to_user_mode_prepare+0x203/0x210 syscall_exit_to_user_mode+0x5b/0x3a0 do_syscall_64+0x59/0x70 entry_SYSCALL_64_after_hwframe+0x44/0xa9 ================================================================== Above issue may happen as follows: ------------------------------------- exit_to_user_mode_prepare task_work_run __cleanup_mnt cleanup_mnt deactivate_super deactivate_locked_super kill_block_super generic_shutdown_super shrink_dcache_for_umount dentry = sb->s_root sb->s_root = NULL <--- Here set NULL sync_filesystem __sync_filesystem sb->s_op->sync_fs > ext4_sync_fs dquot_writeback_dquots sb->dq_op->write_info > ext4_write_info ext4_journal_start(d_inode(sb->s_root), EXT4_HT_QUOTA, 2) d_inode(sb->s_root) s_root->d_inode <--- Null pointer dereference To solve this problem, we use ext4_journal_start_sb directly to avoid s_root being used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-16
Last Modified
2025-12-01
Generated
2026-05-06
AI Q&A
2025-09-16
EPSS Evaluated
2026-05-05
NVD
CVE-2022-50344
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel to 4.9.331 (exc)
linux linux_kernel From 4.10 (inc) to 4.14.296 (exc)
linux linux_kernel From 4.15 (inc) to 4.19.262 (exc)
linux linux_kernel From 4.20 (inc) to 5.4.220 (exc)
linux linux_kernel From 5.5 (inc) to 5.10.150 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.75 (exc)
linux linux_kernel From 5.16 (inc) to 5.19.17 (exc)
linux linux_kernel From 6.0 (inc) to 6.0.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a null pointer dereference bug in the ext4 filesystem code of the Linux kernel. It occurs in the ext4_write_info function when the filesystem's root pointer (s_root) is set to NULL during unmount operations, but the code still attempts to access it, leading to a null pointer dereference and potential kernel crash. The fix involves changing the code to avoid using the s_root pointer directly by using ext4_journal_start_sb instead.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash or panic due to a null pointer dereference when unmounting an ext4 filesystem. This can lead to system instability, denial of service, or data loss if the system becomes unresponsive or crashes unexpectedly.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability manifests as a null pointer dereference in the ext4_write_info function, which may cause kernel crashes or system instability. Detection can involve monitoring kernel logs for messages related to null pointer dereferences or KASAN reports similar to the provided stack trace. You can check the kernel logs using commands like 'dmesg | grep -i ext4' or 'journalctl -k | grep -i ext4' to look for related errors. Additionally, monitoring for system crashes or umount failures may indicate the presence of this issue.


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation is to update the Linux kernel to a version that includes the fix for this vulnerability, which avoids using s_root in ext4_journal_start_sb to prevent the null pointer dereference. Until an update is applied, avoid operations that trigger the vulnerable code path, such as unmounting ext4 filesystems under heavy quota or journal activity. Monitoring and limiting such operations can reduce the risk of triggering the bug.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart