CVE-2022-50673
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4_orphan_cleanup I caught a issue as follows: ================================================================== BUG: KASAN: use-after-free in __list_add_valid+0x28/0x1a0 Read of size 8 at addr ffff88814b13f378 by task mount/710 CPU: 1 PID: 710 Comm: mount Not tainted 6.1.0-rc3-next #370 Call Trace: <TASK> dump_stack_lvl+0x73/0x9f print_report+0x25d/0x759 kasan_report+0xc0/0x120 __asan_load8+0x99/0x140 __list_add_valid+0x28/0x1a0 ext4_orphan_cleanup+0x564/0x9d0 [ext4] __ext4_fill_super+0x48e2/0x5300 [ext4] ext4_fill_super+0x19f/0x3a0 [ext4] get_tree_bdev+0x27b/0x450 ext4_get_tree+0x19/0x30 [ext4] vfs_get_tree+0x49/0x150 path_mount+0xaae/0x1350 do_mount+0xe2/0x110 __x64_sys_mount+0xf0/0x190 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x63/0xcd </TASK> [...] ================================================================== Above issue may happen as follows: ------------------------------------- ext4_fill_super ext4_orphan_cleanup --- loop1: assume last_orphan is 12 --- list_add(&EXT4_I(inode)->i_orphan, &EXT4_SB(sb)->s_orphan) ext4_truncate --> return 0 ext4_inode_attach_jinode --> return -ENOMEM iput(inode) --> free inode<12> --- loop2: last_orphan is still 12 --- list_add(&EXT4_I(inode)->i_orphan, &EXT4_SB(sb)->s_orphan); // use inode<12> and trigger UAF To solve this issue, we need to propagate the return value of ext4_inode_attach_jinode() appropriately.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2025-12-09
Generated
2026-06-16
AI Q&A
2025-12-09
EPSS Evaluated
2026-06-15
NVD
CVE-2022-50673
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a use-after-free bug in the Linux kernel's ext4 filesystem code, specifically in the ext4_orphan_cleanup function. It occurs when the system improperly handles inode structures during cleanup, leading to a situation where a freed inode is accessed again, causing memory corruption or crashes.

Impact Analysis

This vulnerability can cause system instability, crashes, or potential memory corruption when mounting or handling ext4 filesystems. It may lead to denial of service or unexpected behavior in systems using the affected Linux kernel versions.

Detection Guidance

This vulnerability is a use-after-free bug in the ext4 filesystem code within the Linux kernel, specifically in ext4_orphan_cleanup. Detection would involve monitoring kernel logs for KASAN (Kernel Address Sanitizer) reports indicating use-after-free errors related to ext4, such as messages containing 'BUG: KASAN: use-after-free in __list_add_valid' or similar stack traces. You can check kernel logs using commands like 'dmesg | grep -i kasan' or 'journalctl -k | grep -i kasan'. Additionally, running the kernel with KASAN enabled can help detect such issues during testing.

Mitigation Strategies

Immediate mitigation involves updating the Linux kernel to a version where this ext4 use-after-free vulnerability has been fixed. Since the issue is in the kernel ext4 code, applying the patch that propagates the return value of ext4_inode_attach_jinode() correctly will resolve the problem. Until then, avoid mounting ext4 filesystems that might trigger this bug, or use alternative filesystems if possible.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50673. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart