CVE-2022-49360: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to do sanity check on total_data_blocks

As Yanming reported in bugzilla:

https://bugzilla.kernel.org/show_bug.cgi?id=215916

The kernel message is shown below:

kernel BUG at fs/f2fs/segment.c:2560!
Call Trace:
 allocate_segment_by_default+0x228/0x440
 f2fs_allocate_data_block+0x13d1/0x31f0
 do_write_page+0x18d/0x710
 f2fs_outplace_write_data+0x151/0x250
 f2fs_do_write_data_page+0xef9/0x1980
 move_data_page+0x6af/0xbc0
 do_garbage_collect+0x312f/0x46f0
 f2fs_gc+0x6b0/0x3bc0
 f2fs_balance_fs+0x921/0x2260
 f2fs_write_single_data_page+0x16be/0x2370
 f2fs_write_cache_pages+0x428/0xd00
 f2fs_write_data_pages+0x96e/0xd50
 do_writepages+0x168/0x550
 __writeback_single_inode+0x9f/0x870
 writeback_sb_inodes+0x47d/0xb20
 __writeback_inodes_wb+0xb2/0x200
 wb_writeback+0x4bd/0x660
 wb_workfn+0x5f3/0xab0
 process_one_work+0x79f/0x13e0
 worker_thread+0x89/0xf60
 kthread+0x26a/0x300
 ret_from_fork+0x22/0x30
RIP: 0010:new_curseg+0xe8d/0x15f0

The root cause is: ckpt.valid_block_count is inconsistent with SIT table, stat info indicates filesystem has free blocks, but SIT table indicates filesystem has no free segment.

So that during garbage collection, it triggers panic when LFS allocator fails to find free segment.

This patch tries to fix this issue by checking consistency in between ckpt.valid_block_count and block accounted from SIT.
AI Analysis
Technical Summary
CVE-2022-49360 is a vulnerability identified in the Linux kernel's F2FS (Flash-Friendly File System) implementation. The issue arises from an inconsistency between the checkpoint's valid_block_count and the block accounting in the Segment Information Table (SIT). Specifically, the checkpoint metadata indicates that the filesystem has free blocks available, while the SIT indicates no free segments. This discrepancy leads to a failure during the garbage collection process, where the Log-structured File System (LFS) allocator cannot find a free segment to allocate. The failure triggers a kernel panic, causing the system to crash. The root cause is a lack of proper sanity checks on the total_data_blocks during segment allocation and garbage collection. The vulnerability was reported by Yanming and addressed by adding consistency checks between the checkpoint's valid_block_count and the SIT's block accounting to prevent the allocator from operating on inconsistent filesystem state. The kernel panic occurs in the function new_curseg during segment allocation, which is critical for maintaining filesystem integrity and performance. This vulnerability affects Linux kernel versions identified by the commit hash 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and potentially other versions using the vulnerable F2FS implementation. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
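The consistency check described above, as an added example that is neither the kernel's code nor the patch itself: a user-space C model that sums the blocks accounted in the SIT and rejects the image when they exceed ckpt.valid_block_count. The struct names, MODEL_ECORRUPTED, the "must not exceed" form of the check, and both sample images are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BLKS_PER_SEG     512u  /* f2fs default: 2 MiB segment, 4 KiB blocks */
#define MODEL_ECORRUPTED (-1)  /* stand-in for the kernel's corruption error */

struct sit_entry_model { uint16_t valid_blocks; int is_node; }; /* hypothetical */
struct ckpt_model { uint64_t valid_block_count; };              /* hypothetical */

/* Segments the SIT considers completely free (what the LFS allocator needs). */
size_t sit_free_segments(const struct sit_entry_model *sit, size_t n)
{
    size_t free_segs = 0;
    for (size_t i = 0; i < n; i++)
        free_segs += (sit[i].valid_blocks == 0);
    return free_segs;
}

/* Mount-time check: reject the image when SIT and checkpoint disagree. */
int sit_sanity_check(const struct sit_entry_model *sit, size_t n,
                     const struct ckpt_model *ckpt)
{
    uint64_t total_data_blocks = 0, total_node_blocks = 0;
    for (size_t i = 0; i < n; i++) {
        if (sit[i].valid_blocks > BLKS_PER_SEG)
            return MODEL_ECORRUPTED;          /* per-segment bound */
        if (sit[i].is_node)
            total_node_blocks += sit[i].valid_blocks;
        else
            total_data_blocks += sit[i].valid_blocks;
    }
    if (total_data_blocks + total_node_blocks > ckpt->valid_block_count)
        return MODEL_ECORRUPTED;              /* SIT vs. checkpoint mismatch */
    return 0;
}

/* Constructed images, four segments each. */
static const struct sit_entry_model good_sit[4] = {{512, 0}, {300, 0}, {40, 1}, {0, 0}};
static const struct ckpt_model      good_ckpt   = {852};
/* Checkpoint claims only 1000 valid blocks; the SIT says every segment is full. */
static const struct sit_entry_model bad_sit[4]  = {{512, 0}, {512, 0}, {512, 1}, {512, 0}};
static const struct ckpt_model      bad_ckpt    = {1000};

int main(void)
{
    printf("good: %d\n", sit_sanity_check(good_sit, 4, &good_ckpt));
    printf("bad:  %d\n", sit_sanity_check(bad_sit, 4, &bad_ckpt));
    return 0;
}
```

In the second image the checkpoint implies free space while sit_free_segments() returns 0, which is the state the description says leads the allocator to fail during garbage collection; the check turns that into an error at mount time.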
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running Linux with the F2FS filesystem, which is commonly used in flash storage devices such as SSDs and embedded systems. The kernel panic triggered by this vulnerability leads to system crashes, resulting in denial of service (DoS). This can disrupt critical services, especially in environments relying on Linux servers or embedded devices with F2FS. The impact on confidentiality and integrity is minimal since the vulnerability does not directly allow unauthorized access or data manipulation. However, availability is significantly affected, which can cause operational downtime, data loss if crashes occur during write operations, and potential cascading failures in dependent services. Organizations using Linux-based infrastructure for cloud services, IoT devices, or storage appliances may experience service interruptions. The lack of known exploits reduces immediate risk, but the severity of a kernel panic in production environments warrants prompt attention. Additionally, recovery from such crashes may require manual intervention, increasing operational costs and downtime.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Apply the official Linux kernel patch that introduces sanity checks between the checkpoint valid_block_count and the SIT block accounting as soon as it becomes available and is tested for their environment.
2) Regularly update Linux kernels to the latest stable versions to incorporate security fixes and improvements.
3) Monitor kernel logs for any signs of filesystem inconsistencies or kernel panics related to F2FS.
4) Implement robust backup and recovery procedures to minimize data loss in the event of unexpected crashes.
5) For critical systems, consider using alternative filesystems with mature stability if F2FS is not a strict requirement.
6) Conduct thorough testing of kernel updates in staging environments before deployment to production to ensure compatibility and stability.
7) Limit access to systems running vulnerable kernels to trusted users and networks to reduce the risk of accidental or malicious triggering of the vulnerability.
8) Employ system monitoring and alerting tools to detect abnormal system behavior indicative of filesystem issues early.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T02:08:31.546Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982dc4522896dcbe5799
Added to database: 5/21/2025, 9:09:01 AM
Last enriched: 6/30/2025, 6:25:42 AM
Last updated: 8/13/2025, 12:47:48 AM