CVE-2022-50377

18.09.2025, 14:15

In the Linux kernel, the following vulnerability has been resolved:

ext4: check and assert if marking an no_delete evicting inode dirty

In ext4_evict_inode(), if we evicting an inode in the 'no_delete' path,
it cannot be raced by another mark_inode_dirty(). If it happens,
someone else may accidentally dirty it without holding inode refcount
and probably cause use-after-free issues in the writeback procedure.
It's indiscoverable and hard to debug, so add an WARN_ON_ONCE() to
check and detect this issue in advance.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 fixed
bullseye (security)	5.10.237-1 fixed
bookworm	6.1.148-1 fixed
bookworm (security)	6.1.147-1 fixed
trixie	6.12.43-1 fixed
trixie (security)	6.12.41-1 fixed
forky	6.16.7-1 fixed
sid	6.16.7-1 fixed

References

https://git.kernel.org/stable/c/0c026f975d24701766cf4ac63995ead9f6d57a59

https://git.kernel.org/stable/c/318cdc822c63b6e2befcfdc2088378ae6fa18def

https://git.kernel.org/stable/c/9020f56a3cad1c97b81c7dab2aa67027b59c8f73

https://git.kernel.org/stable/c/91009e361e8cb2cbd1dc9496cb5fb4f8de3f4b11

https://git.kernel.org/stable/c/f1ec687ebd1bf146333955b7e209d21508c3ba9f