CVE-2022-50346

EUVD-2022-55616
In the Linux kernel, the following vulnerability has been resolved:

ext4: init quota for 'old.inode' in 'ext4_rename'

Syzbot found the following issue:
ext4_parse_param: s_want_extra_isize=128
ext4_inode_info_init: s_want_extra_isize=32
ext4_rename: old.inode=ffff88823869a2c8 old.dir=ffff888238699828 new.inode=ffff88823869d7e8 new.dir=ffff888238699828
__ext4_mark_inode_dirty: inode=ffff888238699828 ea_isize=32 want_ea_size=128
__ext4_mark_inode_dirty: inode=ffff88823869a2c8 ea_isize=32 want_ea_size=128
ext4_xattr_block_set: inode=ffff88823869a2c8
------------[ cut here ]------------
WARNING: CPU: 13 PID: 2234 at fs/ext4/xattr.c:2070 ext4_xattr_block_set.cold+0x22/0x980
Modules linked in:
RIP: 0010:ext4_xattr_block_set.cold+0x22/0x980
RSP: 0018:ffff888227d3f3b0 EFLAGS: 00010202
RAX: 0000000000000001 RBX: ffff88823007a000 RCX: 0000000000000000
RDX: 0000000000000a03 RSI: 0000000000000040 RDI: ffff888230078178
RBP: 0000000000000000 R08: 000000000000002c R09: ffffed1075c7df8e
R10: ffff8883ae3efc6b R11: ffffed1075c7df8d R12: 0000000000000000
R13: ffff88823869a2c8 R14: ffff8881012e0460 R15: dffffc0000000000
FS:  00007f350ac1f740(0000) GS:ffff8883ae200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f350a6ed6a0 CR3: 0000000237456000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 ? ext4_xattr_set_entry+0x3b7/0x2320
 ? ext4_xattr_block_set+0x0/0x2020
 ? ext4_xattr_set_entry+0x0/0x2320
 ? ext4_xattr_check_entries+0x77/0x310
 ? ext4_xattr_ibody_set+0x23b/0x340
 ext4_xattr_move_to_block+0x594/0x720
 ext4_expand_extra_isize_ea+0x59a/0x10f0
 __ext4_expand_extra_isize+0x278/0x3f0
 __ext4_mark_inode_dirty.cold+0x347/0x410
 ext4_rename+0xed3/0x174f
 vfs_rename+0x13a7/0x2510
 do_renameat2+0x55d/0x920
 __x64_sys_rename+0x7d/0xb0
 do_syscall_64+0x3b/0xa0
 entry_SYSCALL_64_after_hwframe+0x72/0xdc

As 'ext4_rename' will modify 'old.inode' ctime and mark inode dirty,
which may trigger expand 'extra_isize' and allocate block. If inode
didn't init quota will lead to warning.  To solve above issue, init
'old.inode' firstly in 'ext4_rename'.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
𝑥
< 4.9.337
linuxlinux_kernel
4.10 ≤
𝑥
< 4.14.303
linuxlinux_kernel
4.15 ≤
𝑥
< 4.19.270
linuxlinux_kernel
4.20 ≤
𝑥
< 5.4.229
linuxlinux_kernel
5.5 ≤
𝑥
< 5.10.163
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.87
linuxlinux_kernel
5.16 ≤
𝑥
< 6.0.18
linuxlinux_kernel
6.1 ≤
𝑥
< 6.1.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.147-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.237-1
fixed
forky
6.16.3-1
fixed
sid
6.16.7-1
fixed
trixie
6.12.43-1
fixed
trixie (security)
6.12.41-1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
cluster-md-kmp-default
suse enterprise server 12 SP5
4.12.14-122.275.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
dlm-kmp-default
suse enterprise server 12 SP5
4.12.14-122.275.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
gfs2-kmp-default
suse enterprise server 12 SP5
4.12.14-122.275.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
kernel-64kb
suse enterprise server 15 SP4
5.14.21-150400.24.179.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
kernel-default
suse enterprise server 12 SP5
4.12.14-122.275.1
fixed
suse enterprise server 15 SP4
5.14.21-150400.24.179.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
kernel-default-base
suse enterprise server 12 SP5
4.12.14-122.275.1
fixed
suse enterprise server 15 SP4
5.14.21-150400.24.179.1.150400.24.92.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1.150500.6.59.1
fixed
kernel-default-man
suse enterprise server 12 SP5
4.12.14-122.275.1
fixed
kernel-obs-build
suse enterprise server 15 SP4
5.14.21-150400.24.179.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
kernel-source
suse enterprise server 12 SP5
4.12.14-122.275.1
fixed
suse enterprise server 15 SP4
5.14.21-150400.24.179.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
kernel-zfcpdump
suse enterprise server 15 SP4
5.14.21-150400.24.179.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
ocfs2-kmp-default
suse enterprise server 12 SP5
4.12.14-122.275.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
reiserfs-kmp-default
suse enterprise server 15 SP4
5.14.21-150400.24.179.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
bpftool
RHEL 8
0:4.18.0-553.el8_10
fixed
RHEL 9
0:7.3.0-427.13.1.el9_4
fixed
kernel
RHEL 8
0:4.18.0-553.el8_10
fixed
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-64k
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-64k-core
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-64k-debug
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-64k-debug-core
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-64k-debug-devel
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-64k-debug-devel-matched
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-64k-debug-modules
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-64k-debug-modules-core
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-64k-debug-modules-extra
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-64k-devel
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-64k-devel-matched
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-64k-modules
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-64k-modules-core
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-64k-modules-extra
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-abi-stablelists
RHEL 8
0:4.18.0-553.el8_10
fixed
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-core
RHEL 8
0:4.18.0-553.el8_10
fixed
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-debug
RHEL 8
0:4.18.0-553.el8_10
fixed
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-debug-core
RHEL 8
0:4.18.0-553.el8_10
fixed
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-debug-devel
RHEL 8
0:4.18.0-553.el8_10
fixed
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-debug-devel-matched
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-debug-modules
RHEL 8
0:4.18.0-553.el8_10
fixed
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-debug-modules-core
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-debug-modules-extra
RHEL 8
0:4.18.0-553.el8_10
fixed
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-debug-uki-virt
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-devel
RHEL 8
0:4.18.0-553.el8_10
fixed
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-devel-matched
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-doc
RHEL 8
0:4.18.0-553.el8_10
fixed
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-modules
RHEL 8
0:4.18.0-553.el8_10
fixed
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-modules-core
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-modules-extra
RHEL 8
0:4.18.0-553.el8_10
fixed
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-rt
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-rt-core
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-rt-debug
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-rt-debug-core
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-rt-debug-devel
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-rt-debug-kvm
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-rt-debug-modules
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-rt-debug-modules-core
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-rt-debug-modules-extra
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-rt-devel
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-rt-kvm
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-rt-modules
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-rt-modules-core
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-rt-modules-extra
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-tools
RHEL 8
0:4.18.0-553.el8_10
fixed
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-tools-libs
RHEL 8
0:4.18.0-553.el8_10
fixed
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-tools-libs-devel
RHEL 8
0:4.18.0-553.el8_10
fixed
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-uki-virt
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-zfcpdump
RHEL 8
0:4.18.0-553.el8_10
fixed
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-zfcpdump-core
RHEL 8
0:4.18.0-553.el8_10
fixed
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-zfcpdump-devel
RHEL 8
0:4.18.0-553.el8_10
fixed
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-zfcpdump-devel-matched
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-zfcpdump-modules
RHEL 8
0:4.18.0-553.el8_10
fixed
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-zfcpdump-modules-core
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
kernel-zfcpdump-modules-extra
RHEL 8
0:4.18.0-553.el8_10
fixed
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
libperf
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
perf
RHEL 8
0:4.18.0-553.el8_10
fixed
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
python3-perf
RHEL 8
0:4.18.0-553.el8_10
fixed
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
rtla
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
rv
RHEL 9
0:5.14.0-427.13.1.el9_4
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
kernel
Amazon Linux 2
0:4.14.304-226.531.amzn2
fixed
kernel-debuginfo
Amazon Linux 2
0:4.14.304-226.531.amzn2
fixed
kernel-debuginfo-common-aarch64
Amazon Linux 2
0:4.14.304-226.531.amzn2
fixed
kernel-debuginfo-common-x86_64
Amazon Linux 2
0:4.14.304-226.531.amzn2
fixed
kernel-devel
Amazon Linux 2
0:4.14.304-226.531.amzn2
fixed
kernel-headers
Amazon Linux 2
0:4.14.304-226.531.amzn2
fixed
kernel-livepatch-4.14.304-226.531
Amazon Linux 2
0:1.0-0.amzn2
fixed
kernel-tools
Amazon Linux 2
0:4.14.304-226.531.amzn2
fixed
kernel-tools-debuginfo
Amazon Linux 2
0:4.14.304-226.531.amzn2
fixed
kernel-tools-devel
Amazon Linux 2
0:4.14.304-226.531.amzn2
fixed
perf
Amazon Linux 2
0:4.14.304-226.531.amzn2
fixed
perf-debuginfo
Amazon Linux 2
0:4.14.304-226.531.amzn2
fixed
python-perf
Amazon Linux 2
0:4.14.304-226.531.amzn2
fixed
python-perf-debuginfo
Amazon Linux 2
0:4.14.304-226.531.amzn2
fixed