PT-2025-49618 · Linux+3 · Linux Kernel+3

Published: 2022-12-08 · Updated: 2026-02-24 · CVE-2022-50638

CVSS v2.0: 6.0 (Medium)

Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.0.0-next-20221007-dirty #349

Description

A flaw exists in the Linux kernel in the handling of the boot loader inode. A bug in the ext4 extent status tree search function, __es_tree_search(), can occur when a bad boot loader inode is encountered. The issue arises when swap_inode_boot_loader() swaps an inode with the boot loader inode and the boot loader inode contains incorrect information, such as an invalid i_mode or disordered extents. The extents check in ext4_iget() can be bypassed because the inode number is EXT4_BOOT_LOADER_INO. This can lead to a kernel panic when the swapped inode is accessed, as demonstrated by a bug triggered by running cat on the affected inode. The issue can be triggered when the boot loader inode's i_mode is not S_IFREG or the inode is marked as a bad inode.

Recommendations

Update the Linux kernel to version 6.0.0-next-20221007-dirty #349 or later.

Exploit

Fix

Improper Initialization

Weakness Enumeration

Related Identifiers

BDU:2026-01487
CVE-2022-50638
RHSA-2024:2394
RHSA-2024:3138
SUSE-SU-2026:0263-1
SUSE-SU-2026:0316-1
SUSE-SU-2026:0317-1
SUSE-SU-2026:0411-1
SUSE-SU-2026:0617-1

Affected Products

CentOS
Linux Kernel
Red Hat
Ext4