PT-2024-11870 · Linux+4 · Linux Kernel+4
Syzbot · Published 2022-11-19 · Updated 2025-09-29 · CVE-2022-49007
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.1.0-rc2-syzkaller-00105-gb229b6ca5abb
Description
A NULL pointer dereference issue has been identified in the Linux kernel, specifically in the nilfs2 file system. This issue occurs when the DAT metadata file is corrupted on disk, causing a NULL pointer dereference in the nilfs_palloc_commit_free_entry() function. The vulnerability is triggered during a b-tree operation that updates ancestor nodes of the b-tree. The issue leads to a crash and can be exploited to cause a denial of service.

Technical details about exploitation include:
- The nilfs_dat_commit_end() function calls nilfs_dat_commit_free() without valid buffer heads in req->pr_desc_bh and req->pr_bitmap_bh.
- The nilfs_palloc_commit_free_entry() function is vulnerable to a NULL pointer dereference.
- The issue can be triggered by corrupting the DAT metadata file on disk.
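The failure mode described above, as an added example that is not part of the advisory and is not kernel source: a user-space model in which the commit step dereferences both buffer heads and a guarded caller rejects the missing-buffer-head state instead of crashing. The structures are simplified stand-ins for the nilfs2 names in the description, and the -EIO return is an assumption about how a caller could fail safely.

```c
/* User-space model, NOT kernel source: simplified stand-ins for the
 * nilfs2 names used in the advisory. Sample data is constructed. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
struct buffer_head { uint8_t *b_data; };   /* stand-in: one block of data */

struct palloc_req {                        /* models struct nilfs_palloc_req */
    unsigned int        pr_entry_nr;       /* entry index inside the group */
    struct buffer_head *pr_desc_bh;        /* group descriptor (free counter) */
    struct buffer_head *pr_bitmap_bh;      /* allocation bitmap */
};

/* Models nilfs_palloc_commit_free_entry(): both buffer heads are
 * dereferenced unconditionally, so a NULL in either one faults here. */
static void palloc_commit_free_entry(struct palloc_req *req)
{
    uint8_t *bitmap = req->pr_bitmap_bh->b_data;
    uint8_t *nfrees = req->pr_desc_bh->b_data;
    bitmap[req->pr_entry_nr / 8] &= (uint8_t)~(1u << (req->pr_entry_nr % 8));
    (*nfrees)++;
}

/* Guarded caller in the position of nilfs_dat_commit_free(): when the
 * buffer heads are missing (corrupted DAT), fail with -EIO, no crash. */
static int dat_commit_free_checked(struct palloc_req *req)
{
    if (req->pr_desc_bh == NULL || req->pr_bitmap_bh == NULL)
        return -EIO;
    palloc_commit_free_entry(req);
    return 0;
}

static int demo_valid(void)                /* entry 2 allocated, then freed */
{
    uint8_t bitmap[1] = { 0x04 }, desc[1] = { 0 };
    struct buffer_head bbh = { bitmap }, dbh = { desc };
    struct palloc_req req = { 2, &dbh, &bbh };
    int rc = dat_commit_free_checked(&req);
    return (rc == 0 && bitmap[0] == 0 && desc[0] == 1) ? 0 : -1;
}

static int demo_corrupt(void)              /* the state the advisory describes */
{
    struct palloc_req req = { 2, NULL, NULL };
    return dat_commit_free_checked(&req);
}

int main(void) { return (demo_valid() == 0 && demo_corrupt() == -EIO) ? 0 : 1; }
```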
Recommendations
To resolve the issue, update the Linux kernel to a version that includes the fix for the NULL pointer dereference in nilfs_palloc_commit_free_entry().
As a temporary workaround, consider disabling the nilfs_palloc_commit_free_entry() function until a patch is available.
Restrict access to the nilfs2 file system to minimize the risk of exploitation.
Exploit
Fix
NULL Pointer Dereference
Affected Products
Alt Linux
Astra Linux
Linux Kernel
Red Os
Suse