CVE-2022-49349

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.10.0+

Description A use-after-free issue has been identified in the ext4 rename dir prepare function of the Linux kernel. This issue arises when the first directory entry's 'rec len' is 34478, resulting in an illegal parent entry. The problem occurs because the directory entry is not checked after reading the directory block in 'ext4 get first dir block'. The estimated number of potentially affected devices is not provided, and there is no information about real-world incidents where this issue was exploited.

Recommendations To resolve this issue, check the directory entry in 'ext4 get first dir block' to prevent the use-after-free error. As a temporary workaround, consider disabling the ext4 rename dir prepare function until a patch is available. However, the provided information does not specify a fixed version, so the recommendation is to update to a version where this issue has been resolved, but the exact version is not specified. At the moment, there is no information about a newer version that contains a fix for this vulnerability.