CVE-2022-49170: Vulnerability in the Linux kernel (vendor: Linux)
In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to do sanity check on curseg->alloc_type

As Wenqing Liu reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=215657

- Overview
UBSAN: array-index-out-of-bounds in fs/f2fs/segment.c:3460:2 when mounting and operating on a corrupted image

- Reproduce
tested on kernel 5.17-rc4, 5.17-rc6
1. mkdir test_crash
2. cd test_crash
3. unzip tmp2.zip
4. mkdir mnt
5. ./single_test.sh f2fs 2

- Kernel dump
[ 46.434454] loop0: detected capacity change from 0 to 131072
[ 46.529839] F2FS-fs (loop0): Mounted with checkpoint version = 7548c2d9
[ 46.738319] ================================================================================
[ 46.738412] UBSAN: array-index-out-of-bounds in fs/f2fs/segment.c:3460:2
[ 46.738475] index 231 is out of range for type 'unsigned int [2]'
[ 46.738539] CPU: 2 PID: 939 Comm: umount Not tainted 5.17.0-rc6 #1
[ 46.738547] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1.1 04/01/2014
[ 46.738551] Call Trace:
[ 46.738556] <TASK>
[ 46.738563] dump_stack_lvl+0x47/0x5c
[ 46.738581] ubsan_epilogue+0x5/0x50
[ 46.738592] __ubsan_handle_out_of_bounds+0x68/0x80
[ 46.738604] f2fs_allocate_data_block+0xdff/0xe60 [f2fs]
[ 46.738819] do_write_page+0xef/0x210 [f2fs]
[ 46.738934] f2fs_do_write_node_page+0x3f/0x80 [f2fs]
[ 46.739038] __write_node_page+0x2b7/0x920 [f2fs]
[ 46.739162] f2fs_sync_node_pages+0x943/0xb00 [f2fs]
[ 46.739293] f2fs_write_checkpoint+0x7bb/0x1030 [f2fs]
[ 46.739405] kill_f2fs_super+0x125/0x150 [f2fs]
[ 46.739507] deactivate_locked_super+0x60/0xc0
[ 46.739517] deactivate_super+0x70/0xb0
[ 46.739524] cleanup_mnt+0x11a/0x200
[ 46.739532] __cleanup_mnt+0x16/0x20
[ 46.739538] task_work_run+0x67/0xa0
[ 46.739547] exit_to_user_mode_prepare+0x18c/0x1a0
[ 46.739559] syscall_exit_to_user_mode+0x26/0x40
[ 46.739568] do_syscall_64+0x46/0xb0
[ 46.739584] entry_SYSCALL_64_after_hwframe+0x44/0xae

The root cause is that we missed doing a sanity check on curseg->alloc_type, resulting in out-of-bounds access on the sbi->block_count[] array; fix it.
AI Analysis
Technical Summary
CVE-2022-49170 is a vulnerability in the Linux kernel's F2FS (Flash-Friendly File System) implementation. The flaw is a missing sanity check on the curseg->alloc_type field, whose value is used directly as an index into the two-element sbi->block_count[] array. When a corrupted F2FS image is mounted and written to, the kernel performs an array-index-out-of-bounds access; the Undefined Behavior Sanitizer (UBSAN) reports it in the trace above as index 231 for type 'unsigned int [2]'. The access happens in f2fs_allocate_data_block() in fs/f2fs/segment.c, reached here from the checkpoint write performed during unmount. Because the index is read from on-disk metadata, a corrupted or deliberately crafted image controls it; the invalid memory access can crash or panic the kernel, so the practical impact is denial of service (DoS). The issue was reported by Wenqing Liu and affects Linux kernel versions including 5.17-rc4 and 5.17-rc6, on which it was reproduced. The fix adds a sanity check on alloc_type so that an out-of-range value is rejected before it is used as an index. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
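The following is an added example, not the kernel's own code, that models the root cause described above in a small user-space harness: an alloc_type byte read from untrusted on-disk metadata is used to index a two-element counter array, and the hardened path rejects the record with EFSCORRUPTED before any allocation touches the array. The type and function names (f2fs_sb_t, curseg_t, load_curseg, sanity_check_curseg, allocate_block_checked) are assumptions chosen for this harness; the check is modelled on the fix, not copied from it.

```c
/*
 * Added example, not the kernel's own code: a user-space model of the
 * CVE-2022-49170 root cause. The on-disk current-segment record carries an
 * alloc_type byte that the kernel later uses to index sbi->block_count[2].
 * Without a range check, a corrupted image makes that index any value
 * 0..255. Type and function names here are assumptions for this harness.
 */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifndef EUCLEAN
#define EUCLEAN 117
#endif
#define EFSCORRUPTED EUCLEAN   /* the kernel maps EFSCORRUPTED to EUCLEAN */

#define LFS 0                  /* log-structured allocation */
#define SSR 1                  /* slack space recycling */
#define NR_ALLOC_TYPES 2       /* matches 'unsigned int [2]' in the UBSAN report */

typedef struct {
    unsigned int block_count[NR_ALLOC_TYPES]; /* stands in for sbi->block_count[] */
} f2fs_sb_t;

typedef struct {
    unsigned char alloc_type;  /* read from on-disk metadata: untrusted */
} curseg_t;

/* Reads the alloc_type byte from a (constructed) on-disk curseg record. */
int load_curseg(const unsigned char *rec, size_t len, curseg_t *out)
{
    if (len < 1)
        return -EINVAL;
    out->alloc_type = rec[0];
    return 0;
}

/* Hardened: the mount-time check the fix adds (modelled on it, not verbatim).
 * Rejecting the image here means no later allocation path sees a bad index. */
int sanity_check_curseg(const curseg_t *cs)
{
    if (cs->alloc_type != LFS && cs->alloc_type != SSR)
        return -EFSCORRUPTED;
    return 0;
}

/* Vulnerable shape, for contrast: indexes with the raw byte. Never call it
 * on an unchecked record; alloc_type 231 touches memory 229 ints past the
 * array, which is exactly what UBSAN flagged. */
void allocate_block_unchecked(f2fs_sb_t *sbi, const curseg_t *cs)
{
    sbi->block_count[cs->alloc_type]++;
}

/* Hardened allocation path: the counter is touched only after validation. */
int allocate_block_checked(f2fs_sb_t *sbi, const curseg_t *cs)
{
    int err = sanity_check_curseg(cs);
    if (err)
        return err;
    sbi->block_count[cs->alloc_type]++;
    return 0;
}

/* Constructed record carrying alloc_type 231, the value from the report.
 * Returns the error the hardened path yields: -EUCLEAN (EFSCORRUPTED). */
int demo_corrupted_image(void)
{
    f2fs_sb_t sbi = { { 0, 0 } };
    curseg_t cs;
    const unsigned char corrupted_record[] = { 231 };

    load_curseg(corrupted_record, sizeof corrupted_record, &cs);
    return allocate_block_checked(&sbi, &cs);
}

/* Constructed record with a valid alloc_type; returns block_count[SSR]. */
int demo_valid_image(void)
{
    f2fs_sb_t sbi = { { 0, 0 } };
    curseg_t cs;
    const unsigned char valid_record[] = { SSR };

    load_curseg(valid_record, sizeof valid_record, &cs);
    if (allocate_block_checked(&sbi, &cs) != 0)
        return -1;
    return (int)sbi.block_count[SSR];
}

int main(void)
{
    printf("corrupted image: %d (expect %d)\n", demo_corrupted_image(), -EFSCORRUPTED);
    printf("valid image: block_count[SSR] = %d\n", demo_valid_image());
    return 0;
}
```

The design point is where the check lives: validating alloc_type once, when the current-segment state is loaded from the image, is what makes every later indexing site safe, whereas a check scattered at each use is easy to miss, as the unchecked allocation path shows.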
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running Linux kernels with vulnerable F2FS implementations, especially those using F2FS on flash storage devices. The impact includes potential denial of service through kernel crashes when mounting or operating on corrupted or malicious F2FS images. This could disrupt critical services, especially in environments relying on Linux-based infrastructure such as cloud providers, telecom operators, and embedded systems in industrial control or IoT devices. While the vulnerability does not directly lead to privilege escalation or data leakage, the resulting system instability could cause operational downtime and impact availability. Organizations using containerized environments or virtual machines with F2FS-backed storage should also consider the risk. Given the lack of known exploits, the immediate threat may be low, but the vulnerability could be leveraged in targeted attacks or combined with other exploits to increase impact.
Mitigation Recommendations
1. Apply the latest Linux kernel patches that include the fix for CVE-2022-49170 as soon as they become available from trusted sources or distributions.
2. Avoid mounting untrusted or corrupted F2FS images, especially from unknown or unverified sources.
3. Implement strict validation and scanning of file system images before deployment in production environments.
4. Monitor kernel logs for signs of UBSAN or out-of-bounds errors related to F2FS operations to detect potential exploitation attempts.
5. For embedded or specialized devices using F2FS, coordinate with vendors to ensure firmware or kernel updates are applied promptly.
6. Employ kernel hardening techniques such as Kernel Address Space Layout Randomization (KASLR) and Kernel Page Table Isolation (KPTI) to reduce exploitation risk.
7. Use container security best practices to limit the impact of kernel vulnerabilities, including running containers with minimal privileges and resource limits.
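For recommendation 4, the following is an added example (not from the page's source or the kernel) of the log check a monitoring agent would run: it scans dmesg-style text for the UBSAN array-index-out-of-bounds signature, keeps only hits located under fs/f2fs/, and pulls out the source location, the offending index and the array length. The sample log is constructed from the report's lines plus one made-up unrelated hit to show the filter; the function and type names are this example's own.

```c
/*
 * Added example, not from the page's source or the kernel: a small scanner
 * for the UBSAN signature that CVE-2022-49170 leaves in the kernel log,
 * for the "monitor kernel logs" recommendation above. The sample log is
 * constructed from the report's lines plus one unrelated hit to show the
 * F2FS filter. Function and type names are this example's own.
 */
#include <stdio.h>
#include <string.h>

typedef struct {
    char file[64];  /* source file from the UBSAN location */
    int line;       /* source line */
    long index;     /* offending index, -1 if the detail line was missing */
    long bound;     /* array length from "type 'unsigned int [N]'", -1 if missing */
} ubsan_hit_t;

static const char *const OOB_MARK = "UBSAN: array-index-out-of-bounds in ";

/* Scans dmesg-style text; stores up to 'max' hits located under fs/f2fs/
 * and returns how many were stored. */
int scan_f2fs_ubsan(const char *log, ubsan_hit_t *out, int max)
{
    ubsan_hit_t cur;
    int n = 0, pending = 0;
    const char *p = log;

    memset(&cur, 0, sizeof cur);
    while (*p) {
        char line[256];
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        const char *m;

        if (len >= sizeof line)
            len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';

        m = strstr(line, OOB_MARK);
        if (m) {
            /* Header line: "... in fs/f2fs/segment.c:3460:2" */
            memset(&cur, 0, sizeof cur);
            cur.index = cur.bound = -1;
            pending = sscanf(m + strlen(OOB_MARK), "%63[^:]:%d", cur.file, &cur.line) == 2;
        } else if (pending) {
            /* Detail line: "index 231 is out of range for type 'unsigned int [2]'" */
            const char *i = strstr(line, "index ");
            const char *t = strstr(line, "for type");
            if (i)
                sscanf(i, "index %ld is out of range", &cur.index);
            if (t && strchr(t, '['))
                sscanf(strchr(t, '['), "[%ld]", &cur.bound);
            if (strncmp(cur.file, "fs/f2fs/", 8) == 0 && n < max)
                out[n++] = cur;
            pending = 0;
        }
        if (!nl)
            break;
        p = nl + 1;
    }
    /* Header with no following detail line (log truncated): still report it */
    if (pending && strncmp(cur.file, "fs/f2fs/", 8) == 0 && n < max)
        out[n++] = cur;
    return n;
}

/* Constructed sample: the report's lines plus an unrelated (made-up) hit. */
static const char SAMPLE_DMESG[] =
    "[   46.529839] F2FS-fs (loop0): Mounted with checkpoint version = 7548c2d9\n"
    "[   46.738412] UBSAN: array-index-out-of-bounds in fs/f2fs/segment.c:3460:2\n"
    "[   46.738475] index 231 is out of range for type 'unsigned int [2]'\n"
    "[   46.738539] CPU: 2 PID: 939 Comm: umount Not tainted 5.17.0-rc6 #1\n"
    "[   50.000000] UBSAN: array-index-out-of-bounds in drivers/example/unrelated.c:10:5\n"
    "[   50.000001] index 7 is out of range for type 'int [4]'\n";

int main(void)
{
    ubsan_hit_t hits[8];
    int n = scan_f2fs_ubsan(SAMPLE_DMESG, hits, 8), k;

    for (k = 0; k < n; k++)
        printf("F2FS OOB: %s:%d index %ld, array length %ld\n",
               hits[k].file, hits[k].line, hits[k].index, hits[k].bound);
    return 0;
}
```

UBSAN only reports when the kernel was built with it enabled; on production kernels without UBSAN the same corruption shows up as a less specific oops or panic with f2fs frames in the trace, so the scan above should be paired with a generic oops/panic alert rather than relied on alone.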
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T01:49:39.279Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982dc4522896dcbe5138
Added to database: 5/21/2025, 9:09:01 AM
Last enriched: 6/30/2025, 3:42:34 AM
Last updated: 8/8/2025, 8:35:48 PM
Views: 13