CVE-2022-50428
BaseFortify

Publication date: 2025-10-01

Last updated on: 2025-10-02

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

ext4: fix off-by-one errors in fast-commit block filling

Due to several different off-by-one errors, or perhaps due to a late change in design that wasn't fully reflected in the code that was actually merged, there are several very strange constraints on how fast-commit blocks are filled with tlv entries:

- tlvs must start at least 10 bytes before the end of the block, even though the minimum tlv length is 8. Otherwise, the replay code will ignore them. (BUG: ext4_fc_reserve_space() could violate this requirement if called with a len of blocksize - 9 or blocksize - 8. Fortunately, this doesn't seem to happen currently.)
- tlvs must end at least 1 byte before the end of the block. Otherwise the replay code will consider them to be invalid. This quirk contributed to a bug (fixed by an earlier commit) where uninitialized memory was being leaked to disk in the last byte of blocks.

Also, strangely these constraints don't apply to the replay code in e2fsprogs, which will accept any tlvs in the blocks (with no bounds checks at all, but that is a separate issue...).

Given that this all seems to be a bug, let's fix it by just filling blocks with tlv entries in the natural way.

Note that old kernels will be unable to replay fast-commit journals created by kernels that have this commit.
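A small C model of the two placement rules the description contrasts, added here as an illustration. It is not kernel or e2fsprogs code; the function names and the 4096-byte block size are assumptions.

```c
#include <stdio.h>
#include <stddef.h>

#define TLV_MIN_LEN 8 /* minimum tlv length given in the description */

enum verdict { TLV_OK, TLV_IGNORED, TLV_INVALID };

/* A whole tlv of at least the minimum length that lies inside the block. */
static int fits(size_t bs, size_t off, size_t len)
{
    return len >= TLV_MIN_LEN && off <= bs && len <= bs - off;
}

/* Pre-fix replay constraints as the description states them (a model). */
enum verdict old_replay_verdict(size_t bs, size_t off, size_t len)
{
    if (!fits(bs, off, len))
        return TLV_INVALID;
    if (off + 10 > bs)       /* starts fewer than 10 bytes before the end */
        return TLV_IGNORED;
    if (off + len + 1 > bs)  /* ends flush with the end of the block */
        return TLV_INVALID;
    return TLV_OK;
}

/* "Natural" filling: every tlv that fits in the block is acceptable. */
enum verdict natural_verdict(size_t bs, size_t off, size_t len)
{
    return fits(bs, off, len) ? TLV_OK : TLV_INVALID;
}

/* Start offsets where a minimum-length tlv fits but the old rules drop it. */
size_t count_disagreements(size_t bs)
{
    size_t n = 0;
    for (size_t off = 0; off + TLV_MIN_LEN <= bs; off++)
        if (old_replay_verdict(bs, off, TLV_MIN_LEN) != TLV_OK)
            n++;
    return n;
}

int main(void)
{
    size_t bs = 4096; /* constructed block size, an assumption */
    printf("min-length tlv offsets rejected only by the old rules: %zu\n",
           count_disagreements(bs));
    printf("tlv ending flush with the block: old=%d natural=%d\n",
           old_replay_verdict(bs, bs - 20, 20), natural_verdict(bs, bs - 20, 20));
    return 0;
}
```

The placements where the two verdicts differ are the ones a block filled in the natural way can contain but the modelled old rules would drop, which is the shape of the replay incompatibility noted at the end of the description.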
Meta Information
Published: 2025-10-01
Last Modified: 2025-10-02
Generated: 2026-05-07
AI Q&A: 2025-10-01
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: linux
Product: linux_kernel
Version / Range: From 5.15.160 (inc) to 5.16 (inc)
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves off-by-one errors in how the Linux kernel's ext4 filesystem fills fast-commit blocks with tlv (type-length-value) entries. Because of these errors, there are unusual constraints on where tlvs can be placed within a block: a tlv must start at least 10 bytes before the block's end, even though the minimum tlv length is 8, and must end at least 1 byte before the block's end. The kernel's replay code ignores a tlv that breaks the first constraint and treats one that breaks the second as invalid. The second constraint also contributed to a bug, fixed by an earlier commit, in which uninitialized memory was leaked to disk in the last byte of blocks. The description attributes the constraints to the off-by-one errors themselves, or possibly to a late design change that was not fully reflected in the merged code.


How can this vulnerability impact me?

The impact of this vulnerability includes potential data integrity issues due to the improper handling of fast-commit blocks in the ext4 filesystem. Specifically, tlv entries may be ignored or considered invalid during replay, which could lead to unexpected behavior or data corruption. Additionally, there was a related bug where uninitialized memory could be leaked to disk, which might expose sensitive information. Also, older kernels will not be able to replay fast-commit journals created by kernels with the fix, potentially causing compatibility issues.


What immediate steps should I take to mitigate this vulnerability?

Update the Linux kernel to a version that includes the fix for the off-by-one errors in fast-commit block filling in ext4. This will ensure that the fast-commit journals are correctly handled and prevent issues related to invalid tlv entries and potential data corruption or leaks.

