CVE-2022-50485
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-04

Last updated on: 2026-03-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode There are many places that will get unhappy (and crash) when ext4_iget() returns a bad inode. However, if iget the boot loader inode, allows a bad inode to be returned, because the inode may not be initialized. This mechanism can be used to bypass some checks and cause panic. To solve this problem, we add a special iget flag EXT4_IGET_BAD. Only with this flag we'd be returning bad inode from ext4_iget(), otherwise we always return the error code if the inode is bad inode.(suggested by Jan Kara)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-04
Last Modified
2026-03-25
Generated
2026-06-16
AI Q&A
2025-10-04
EPSS Evaluated
2026-06-15
NVD
CVE-2022-50485
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel's ext4 filesystem involves the ext4_iget() function potentially returning a bad inode, especially when iget is called on the boot loader inode. A bad inode may not be properly initialized, which can bypass certain checks and cause the system to panic or crash. To fix this, a new flag EXT4_IGET_BAD was introduced so that bad inodes are only returned when this flag is explicitly used; otherwise, an error code is returned if the inode is bad.

Impact Analysis

This vulnerability can cause system instability or crashes (panic) when the ext4_iget() function returns a bad inode unexpectedly. This can disrupt normal system operations, potentially leading to downtime or data access issues.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50485. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart