| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025061841-CVE-2022-50205-4197@gregkh> Date: Wed, 18 Jun 2025 13:04:30 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50205: ext2: Add more validity checks for inode counts From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: ext2: Add more validity checks for inode counts Add checks verifying number of inodes stored in the superblock matches the number computed from number of inodes per group. Also verify we have at least one block worth of inodes per group. This prevents crashes on corrupted filesystems. The Linux kernel CVE team has assigned CVE-2022-50205 to this issue. Affected and fixed versions =========================== Fixed in 4.14.291 with commit 0bcdc31094a12b4baf59e241feabc9787cf635fa Fixed in 4.19.256 with commit 07303a9abe3a997d9864fb4315e34b5acfe8fc25 Fixed in 5.4.211 with commit b3f423683818cfe15de14d5d9dff44148ff16bbf Fixed in 5.10.137 with commit d08bb199a406424a8ed0009efdf41710e6d849ee Fixed in 5.15.61 with commit 96b18d3a1be0354ccce43f0ef61b5a3d7e432552 Fixed in 5.18.18 with commit 7a48fdc88a3c35e046a6a0a38eba00f21c65b16e Fixed in 5.19.2 with commit 5e63c5fe9123fa76ffaeff26c211308736ec3a07 Fixed in 6.0 with commit fa78f336937240d1bc598db817d638086060e7e9 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50205 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/ext2/super.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/0bcdc31094a12b4baf59e241feabc9787cf635fa https://git.kernel.org/stable/c/07303a9abe3a997d9864fb4315e34b5acfe8fc25 https://git.kernel.org/stable/c/b3f423683818cfe15de14d5d9dff44148ff16bbf https://git.kernel.org/stable/c/d08bb199a406424a8ed0009efdf41710e6d849ee https://git.kernel.org/stable/c/96b18d3a1be0354ccce43f0ef61b5a3d7e432552 https://git.kernel.org/stable/c/7a48fdc88a3c35e046a6a0a38eba00f21c65b16e https://git.kernel.org/stable/c/5e63c5fe9123fa76ffaeff26c211308736ec3a07 https://git.kernel.org/stable/c/fa78f336937240d1bc598db817d638086060e7e9
Powered by blists - more mailing lists