CVE-2022-49834

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free bug has been identified in the nilfs2 filesystem. This issue occurs when a nilfs2 filesystem is downgraded to read-only due to metadata corruption on disk and is remounted read/write, or if an emergency read-only remount is performed. In these cases, detaching a log writer and synchronizing the filesystem can happen simultaneously, leading to a use-after-free scenario. The bug is caused by the log writer (nilfs->ns writer) being freed by one task while another task is still accessing it. This patch fixes the issue by not detaching nilfs->ns writer on remount, preventing the UAF race.

Recommendations To resolve this issue, apply the patch that fixes the use-after-free bug by not detaching nilfs->ns writer on remount. Additionally, consider inserting necessary read-only checks with the superblock instance to ensure the filesystem is handled correctly. At the moment, there is no information about a newer version that contains a fix for this vulnerability.