CVE-2022-48631

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.19.0-rc8+

Description A bug in the Linux kernel's ext4 file system has been resolved. The issue occurred when parsing extents and the number of entries (eh->eh entries) was zero, but the depth (eh depth) was greater than zero. This led to problems because EXT FIRST INDEX() and EXT LAST INDEX() returned garbage values, resulting in a kernel bug. The patch adds an extra check in ext4 ext check() to verify that eh entries is not zero when eh depth is greater than zero.

Recommendations To resolve this issue, update the Linux kernel to a version newer than 5.19.0-rc8+. As a temporary workaround, consider disabling the ext4 ext binsearch idx() function until a patch is available. However, this is not a recommended solution as it may cause other issues. The best course of action is to update the kernel to a version that includes the fix for this vulnerability.