CVE-2022-49364: Vulnerability in Linux

High
Published: Wed Feb 26 2025 (02/26/2025, 02:11:10 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to clear dirty inode in f2fs_evict_inode()

As Yanming reported in bugzilla:

https://bugzilla.kernel.org/show_bug.cgi?id=215904

The kernel message is shown below:

    kernel BUG at fs/f2fs/inode.c:825!
    Call Trace:
     evict+0x282/0x4e0
     __dentry_kill+0x2b2/0x4d0
     shrink_dentry_list+0x17c/0x4f0
     shrink_dcache_parent+0x143/0x1e0
     do_one_tree+0x9/0x30
     shrink_dcache_for_umount+0x51/0x120
     generic_shutdown_super+0x5c/0x3a0
     kill_block_super+0x90/0xd0
     kill_f2fs_super+0x225/0x310
     deactivate_locked_super+0x78/0xc0
     cleanup_mnt+0x2b7/0x480
     task_work_run+0xc8/0x150
     exit_to_user_mode_prepare+0x14a/0x150
     syscall_exit_to_user_mode+0x1d/0x40
     do_syscall_64+0x48/0x90

The root cause is: inode node and dnode node share the same nid, so during f2fs_evict_inode(), dnode node truncation will invalidate its NAT entry, so when truncating inode node, it fails due to invalid NAT entry, result in inode is still marked as dirty, fix this issue by clearing dirty for inode and setting SBI_NEED_FSCK flag in filesystem.

output from dump.f2fs:

    [print_node_info: 354] Node ID [0xf:15] is inode
    i_nid[0] [0x f : 15]

AI-Powered Analysis

Last updated: 06/30/2025, 06:27:03 UTC

Technical Analysis

CVE-2022-49364 is a vulnerability identified in the Linux kernel's F2FS (Flash-Friendly File System) implementation. The issue arises from the way inode and dnode nodes share the same node ID (nid). During the eviction process of an inode (f2fs_evict_inode()), the truncation of the dnode invalidates its NAT (Node Address Table) entry. Consequently, when the inode node is truncated, it fails due to the invalid NAT entry, leaving the inode marked as dirty. This improper state can cause filesystem inconsistencies and potential corruption. The kernel log indicates a BUG triggered in the inode.c file during the eviction process, leading to a kernel panic or crash. The fix involves clearing the dirty flag on the inode and setting the SBI_NEED_FSCK flag, which signals the filesystem to run a consistency check (fsck) on the next mount to repair any damage. This vulnerability affects specific Linux kernel versions identified by the commit hash 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability primarily impacts systems using the F2FS filesystem, commonly deployed on flash storage devices such as SSDs and embedded systems.

Potential Impact

For European organizations, the impact of CVE-2022-49364 can be significant, especially for those relying on Linux systems with F2FS-formatted storage. The vulnerability can lead to filesystem corruption, data loss, and system instability due to kernel panics or crashes during inode eviction. This can disrupt critical services, cause downtime, and potentially result in loss of sensitive or operational data. Organizations using embedded Linux devices, IoT infrastructure, or servers with flash storage formatted with F2FS are particularly at risk. The need for filesystem checks (fsck) after the vulnerability triggers can extend recovery times and complicate incident response. While no remote code execution or privilege escalation is indicated, the availability and integrity of data and systems are at risk, which can affect business continuity and operational reliability.

Mitigation Recommendations

To mitigate CVE-2022-49364, organizations should:

1) Apply the official Linux kernel patches that address the inode eviction and NAT entry invalidation issue as soon as they become available.
2) Identify and inventory all systems using the F2FS filesystem, particularly those running affected kernel versions.
3) Schedule maintenance windows to update kernels and perform filesystem checks (fsck) to repair any inconsistencies caused by this vulnerability.
4) Implement monitoring for kernel logs to detect signs of inode eviction failures or kernel BUG messages related to f2fs.
5) For critical systems, consider temporarily migrating data off F2FS or using alternative filesystems until patches are applied.
6) Ensure robust backup and recovery procedures are in place to mitigate potential data loss.
7) Educate system administrators about the vulnerability and the importance of timely patching and filesystem maintenance.
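A sketch of steps 2 and 4 as an added example (not code from this page or from the kernel project): it lists F2FS mounts from `/proc/mounts`-format text and flags `kernel BUG` lines raised from `fs/f2fs/`, collecting the call-trace frames that follow. The function names are hypothetical and both sample inputs are constructed, modelled on the trace in the description.

```python
import re

# Constructed sample: dmesg-style lines modelled on the trace in the description.
SAMPLE_LOG = """\
[  101.000001] F2FS-fs (loop0): Mounted with checkpoint version = 1
[  140.250000] kernel BUG at fs/f2fs/inode.c:825!
[  140.250010] Call Trace:
[  140.250020]  evict+0x282/0x4e0
[  140.250030]  shrink_dcache_for_umount+0x51/0x120
[  140.250040]  kill_f2fs_super+0x225/0x310
[  140.250050]  do_syscall_64+0x48/0x90
[  200.000000] kernel BUG at fs/ext4/inode.c:100!
"""
# Constructed sample in /proc/mounts format.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/mmcblk0p3 /data f2fs rw,noatime 0 0
"""

BUG_RE = re.compile(r"kernel BUG at (fs/f2fs/\S+?):(\d+)!")
FRAME_RE = re.compile(r"^\s*(?:\[\s*[\d.]+\]\s*)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def f2fs_mounts(mounts_text):
    """Return (device, mountpoint) pairs whose filesystem type is f2fs."""
    rows = (line.split() for line in mounts_text.splitlines())
    return [(r[0], r[1]) for r in rows if len(r) >= 3 and r[2] == "f2fs"]

def find_f2fs_bugs(log_text):
    """Return one dict per f2fs 'kernel BUG' line, with the frames that follow it."""
    findings, current = [], None
    for line in log_text.splitlines():
        m = BUG_RE.search(line)
        if m:
            current = {"file": m.group(1), "line": int(m.group(2)), "frames": []}
            findings.append(current)
            continue
        f = FRAME_RE.match(line)
        if current is not None and f:
            current["frames"].append(f.group(1))
        elif current is not None and "Call Trace:" not in line:
            current = None  # any other line ends the trace being collected
    for item in findings:
        # evict() reached from kill_f2fs_super() is the unmount path shown in this advisory
        item["evict_on_umount"] = {"evict", "kill_f2fs_super"} <= set(item["frames"])
    return findings

if __name__ == "__main__":
    print(f2fs_mounts(SAMPLE_MOUNTS))
    print(find_f2fs_bugs(SAMPLE_LOG))
```

On a live host the same functions can be fed the contents of `/proc/mounts` and the kernel log; the source line number in the BUG message differs between kernel builds, so the match is on the `fs/f2fs/` path rather than on `inode.c:825`.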


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T02:08:31.547Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982dc4522896dcbe57d1

Added to database: 5/21/2025, 9:09:01 AM

Last enriched: 6/30/2025, 6:27:03 AM

Last updated: 7/29/2025, 12:42:49 AM
