PT-2025-13281 · Linux+4 · Linux Kernel+4

Published

2023-05-09

Updated

2025-05-29

CVE-2022-49739

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, related to the gfs2 file system. The issue involves checking the inode size of inline inodes to prevent on-disk corruption when reading inodes from disk. Specifically, the function gfs2 dinode in() now checks if the inode size is within the allowed range. Additionally, two checks in stuffed readpage() and gfs2 unstuffer page() that truncated inline data to the maximum allowed size have been removed as they were unnecessary.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2025-06291

CVE-2022-49739

OPENSUSE-SU-2025_1195-1

OPENSUSE-SU-2025_1263-1

RHSA-2023:2458

RHSA-2023_2458

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1194-1

SUSE-SU-2025:1195-1

SUSE-SU-2025:1241-1

SUSE-SU-2025:1263-1

SUSE-SU-2025_1195-1

SUSE-SU-2025_1241-1

SUSE-SU-2025_1263-1

Affected Products

Astra Linux

Linux Kernel

Red Hat

Red Os

Suse

PT-2025-13281 · Linux+4 · Linux Kernel+4

CVE-2022-49739

Weakness Enumeration

Related Identifiers

Affected Products

References · 1349