CVE-2022-50067

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free bug has been identified in the Linux kernel, specifically in the btrfs file system. The issue arises when the btrfs commit transaction() function fails, causing the reloc ctl variable to be freed without being set to NULL. This can lead to a use-after-free bug when the btrfs init reloc root() function is called. The bug can be triggered by calling btrfs ioctl balance() before btrfs ioctl defrag(). Technical details include the involvement of prepare to relocate(), set reloc control(), and unset reloc control() functions, as well as the fs info->reloc ctl variable.

Recommendations To fix this issue, in prepare to relocate(), check if btrfs commit transaction() fails. If the failure occurs, call unset reloc control() to set fs info->reloc ctl to NULL. At the moment, there is no information about a newer version that contains a fix for this vulnerability.