
CVE-2022-49352: Vulnerability in Linux Linux

Medium
Published: Wed Feb 26 2025 (02/26/2025, 02:11:04 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix warning in ext4_handle_inode_extension

We got issue as follows:

    EXT4-fs error (device loop0) in ext4_reserve_inode_write:5741: Out of memory
    EXT4-fs error (device loop0): ext4_setattr:5462: inode #13: comm syz-executor.0: mark_inode_dirty error
    EXT4-fs error (device loop0) in ext4_setattr:5519: Out of memory
    EXT4-fs error (device loop0): ext4_ind_map_blocks:595: inode #13: comm syz-executor.0: Can't allocate blocks for non-extent mapped inodes with bigalloc
    ------------[ cut here ]------------
    WARNING: CPU: 1 PID: 4361 at fs/ext4/file.c:301 ext4_file_write_iter+0x11c9/0x1220
    Modules linked in:
    CPU: 1 PID: 4361 Comm: syz-executor.0 Not tainted 5.10.0+ #1
    RIP: 0010:ext4_file_write_iter+0x11c9/0x1220
    RSP: 0018:ffff924d80b27c00 EFLAGS: 00010282
    RAX: ffffffff815a3379 RBX: 0000000000000000 RCX: 000000003b000000
    RDX: ffff924d81601000 RSI: 00000000000009cc RDI: 00000000000009cd
    RBP: 000000000000000d R08: ffffffffbc5a2c6b R09: 0000902e0e52a96f
    R10: ffff902e2b7c1b40 R11: ffff902e2b7c1b40 R12: 000000000000000a
    R13: 0000000000000001 R14: ffff902e0e52aa10 R15: ffffffffffffff8b
    FS: 00007f81a7f65700(0000) GS:ffff902e3bc80000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: ffffffffff600400 CR3: 000000012db88001 CR4: 00000000003706e0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    Call Trace:
     do_iter_readv_writev+0x2e5/0x360
     do_iter_write+0x112/0x4c0
     do_pwritev+0x1e5/0x390
     __x64_sys_pwritev2+0x7e/0xa0
     do_syscall_64+0x37/0x50
     entry_SYSCALL_64_after_hwframe+0x44/0xa9

Above issue may happen as follows:

Assume
    inode.i_size=4096
    EXT4_I(inode)->i_disksize=4096

step 1: set inode->i_isize = 8192

    ext4_setattr
      if (attr->ia_size != inode->i_size)
        EXT4_I(inode)->i_disksize = attr->ia_size;
        rc = ext4_mark_inode_dirty
          ext4_reserve_inode_write
            ext4_get_inode_loc
              __ext4_get_inode_loc
                sb_getblk --> return -ENOMEM
      ...
      if (!error) ->will not update i_size
        i_size_write(inode, attr->ia_size);

Now:
    inode.i_size=4096
    EXT4_I(inode)->i_disksize=8192

step 2: Direct write 4096 bytes

    ext4_file_write_iter
      ext4_dio_write_iter
        iomap_dio_rw ->return error
      if (extend)
        ext4_handle_inode_extension
          WARN_ON_ONCE(i_size_read(inode) < EXT4_I(inode)->i_disksize);
    ->Then trigger warning.

To solve above issue, if mark inode dirty failed in ext4_setattr just set 'EXT4_I(inode)->i_disksize' with old value.

AI-Powered Analysis

Last updated: 06/30/2025, 06:11:50 UTC

Technical Analysis

CVE-2022-49352 is a vulnerability in the Linux kernel's ext4 filesystem implementation, specifically in inode size handling when memory allocation fails during an attribute change that is followed by a file write. The issue arises when ext4_setattr updates an inode's size attribute but does not properly handle an error from the step that marks the inode dirty. If ext4_mark_inode_dirty fails with an out-of-memory condition (ENOMEM) in ext4_reserve_inode_write, the ext4 on-disk size field (EXT4_I(inode)->i_disksize) has already been set to the new size, while the in-memory inode size (inode.i_size) remains unchanged, because i_size is only written when no error occurred.

This inconsistency triggers a warning in ext4_file_write_iter when a later direct write attempts to extend the file: ext4_handle_inode_extension checks WARN_ON_ONCE(i_size_read(inode) < EXT4_I(inode)->i_disksize), and that condition now holds. The kernel logs messages such as "EXT4-fs error (device loop0) in ext4_reserve_inode_write: Out of memory" and "mark_inode_dirty error," indicating the failure to allocate blocks or memory for the inode extension. The root cause is that ext4 does not revert i_disksize to its previous value when marking the inode dirty fails, which leaves the inode size and disk size mismatched. This can lead to kernel warnings and potential instability during file write operations on ext4 filesystems.

The vulnerability is triggered under low-memory conditions and involves interactions between inode attribute setting and block allocation. The patch ensures that if ext4_setattr fails to mark the inode dirty, i_disksize is reset to the old value, which keeps the two sizes consistent and prevents warnings or errors during subsequent writes. Although no known exploits are reported in the wild, this vulnerability could cause denial of service or system instability due to kernel warnings and errors during filesystem operations.
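The two-step sequence from the description can be followed in a small userspace model. This is an added example, not kernel code and not taken from the ext4 patch: the struct, the model_* function names and the fix flag are hypothetical, and the dirty-marking call is reduced to a switch that returns -ENOMEM on demand.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only; every name below is hypothetical. */
struct model_inode {
    long long i_size;      /* stands in for inode->i_size */
    long long i_disksize;  /* stands in for EXT4_I(inode)->i_disksize */
};

/* Stand-in for ext4_mark_inode_dirty(); fail_enomem simulates -ENOMEM. */
static int model_mark_inode_dirty(bool fail_enomem)
{
    return fail_enomem ? -ENOMEM : 0;
}

/* Size-change path of ext4_setattr as the description outlines it.
 * fix=false models the pre-fix behaviour, fix=true the restored value. */
int model_setattr_size(struct model_inode *ino, long long new_size,
                       bool fail_enomem, bool fix)
{
    long long old_disksize = ino->i_disksize;
    int rc = 0;

    if (new_size != ino->i_size) {
        ino->i_disksize = new_size;           /* updated before the call */
        rc = model_mark_inode_dirty(fail_enomem);
        if (rc && fix)
            ino->i_disksize = old_disksize;   /* put the old value back */
    }
    if (!rc)
        ino->i_size = new_size;               /* skipped when rc != 0 */
    return rc;
}

/* Condition of the WARN_ON_ONCE() in ext4_handle_inode_extension. */
bool model_extension_would_warn(const struct model_inode *ino)
{
    return ino->i_size < ino->i_disksize;
}

int main(void)
{
    struct model_inode a = { 4096, 4096 }, b = { 4096, 4096 };
    model_setattr_size(&a, 8192, true, false);  /* step 1, pre-fix */
    model_setattr_size(&b, 8192, true, true);   /* step 1, with fix */
    printf("pre-fix warn=%d, fixed warn=%d\n",
           model_extension_would_warn(&a), model_extension_would_warn(&b));
}
```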

Potential Impact

For European organizations, this vulnerability primarily poses a risk of system instability or denial of service on Linux systems using ext4 filesystems, which are widely deployed across servers, desktops, and embedded devices. The ext4 filesystem is the default on many Linux distributions popular in Europe, including Ubuntu, Debian, and Red Hat-based systems. Organizations relying on Linux servers for critical infrastructure, cloud services, or data storage could experience unexpected kernel warnings, potential crashes, or degraded performance under memory pressure conditions. This could impact availability of services, especially in environments with constrained memory resources or high I/O workloads. While the vulnerability does not appear to allow privilege escalation or remote code execution, the resulting filesystem errors could disrupt operations, complicate troubleshooting, and increase maintenance overhead. In sectors such as finance, healthcare, and government where Linux systems are prevalent, even transient outages or filesystem errors can have significant operational and compliance implications. Additionally, embedded Linux devices used in industrial control or telecommunications could be affected if they run vulnerable kernel versions and experience memory pressure, potentially impacting service continuity.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should:

1) Apply the latest Linux kernel updates that include the fix for CVE-2022-49352 as soon as they become available from their distribution vendors.
2) Monitor system logs for ext4 filesystem warnings or errors related to inode writes and memory allocation failures to detect potential exploitation or triggering of the issue.
3) Ensure adequate system memory and optimize memory usage to reduce the likelihood of out-of-memory conditions that trigger the vulnerability.
4) For critical systems, consider implementing memory resource limits and monitoring to proactively prevent memory exhaustion scenarios.
5) Test kernel updates in staging environments to verify stability and compatibility before deployment in production.
6) Maintain regular backups of critical data to mitigate risks from potential filesystem corruption or instability.
7) If immediate patching is not possible, consider using alternative filesystems or kernel versions not affected by this issue, where feasible.
8) Engage with Linux distribution security advisories and subscribe to relevant mailing lists to stay informed about patches and related vulnerabilities.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T02:08:31.544Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982dc4522896dcbe575f

Added to database: 5/21/2025, 9:09:01 AM

Last enriched: 6/30/2025, 6:11:50 AM

Last updated: 8/14/2025, 10:29:10 PM
