CVE-2022-49707: Vulnerability in the Linux kernel (ext4)
In the Linux kernel, the following vulnerability has been resolved:

ext4: add reserved GDT blocks check

We capture a NULL pointer issue when resizing a corrupt ext4 image which has freshly cleared the resize_inode feature (e2fsck not run). It could be simply reproduced by the following steps. The problem is that because the resize_inode feature was cleared, it will convert the filesystem to meta_bg mode in ext4_resize_fs(), but es->s_reserved_gdt_blocks was not reduced to zero, so we could mistakenly call reserve_backup_gdb() and pass an uninitialized resize_inode to it when adding new group descriptors.

mkfs.ext4 /dev/sda 3G
tune2fs -O ^resize_inode /dev/sda #forget to run requested e2fsck
mount /dev/sda /mnt
resize2fs /dev/sda 8G

========
BUG: kernel NULL pointer dereference, address: 0000000000000028
CPU: 19 PID: 3243 Comm: resize2fs Not tainted 5.18.0-rc7-00001-gfde086c5ebfd #748
...
RIP: 0010:ext4_flex_group_add+0xe08/0x2570
...
Call Trace:
<TASK>
ext4_resize_fs+0xbec/0x1660
__ext4_ioctl+0x1749/0x24e0
ext4_ioctl+0x12/0x20
__x64_sys_ioctl+0xa6/0x110
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f2dd739617b
========

The fix is simple: add a check in ext4_resize_begin() to make sure that es->s_reserved_gdt_blocks is zero when the resize_inode feature is disabled.
AI Analysis
Technical Summary
CVE-2022-49707 is a NULL pointer dereference in the Linux kernel's ext4 online-resize code. It is reached when a filesystem whose resize_inode feature was cleared with tune2fs is mounted and resized without the e2fsck -f that tune2fs asks for. Clearing the feature does not touch the superblock's reserved GDT block count (es->s_reserved_gdt_blocks); e2fsck is what brings that count back to zero. On such a filesystem ext4_resize_fs() sees that resize_inode is absent and converts the filesystem to meta_bg mode, but it still honours the stale non-zero reserved GDT count. While adding new group descriptors, ext4_flex_group_add() therefore calls reserve_backup_gdb() with the resize inode pointer, which was never loaded because the feature flag is clear and so is still NULL. The oops reports address 0x28, a field offset from NULL, and kills the resizing task; with panic_on_oops set it takes the whole host down. The trigger is the EXT4_IOC_RESIZE_FS ioctl that resize2fs issues for an online resize (the call trace shows __ext4_ioctl leading into ext4_resize_fs); ext4_resize_begin() already requires CAP_SYS_RESOURCE, so an unprivileged local user cannot reach the code directly, but a corrupt or crafted image combined with a routine administrative resize can. The reproduction from the commit is mkfs.ext4, tune2fs -O ^resize_inode without the requested e2fsck, mount, then resize2fs to a larger size. The fix adds a check in ext4_resize_begin() that refuses the resize (returning -EFSCORRUPTED) when resize_inode is disabled but s_reserved_gdt_blocks is non-zero, which is the same consistency rule e2fsck enforces in userspace. The crash was reproduced on 5.18.0-rc7; the flawed code path is older, so earlier kernels carrying the same ext4 resize code are affected until the fix is backported by the distribution. No exploitation in the wild was known at publication and no CVSS score has been assigned.
Potential Impact
For European organizations the exposed population is Linux systems with ext4 volumes that are resized while mounted: cloud instances whose root disks are grown after launch, virtualization hosts, container platforms, and any storage automation that calls resize2fs. A volume is only at risk if its resize_inode feature was removed (tune2fs -O ^resize_inode) without the e2fsck -f that tune2fs requests, or if the image arrived from elsewhere already in that inconsistent state; a filesystem created by mkfs.ext4 with default features keeps resize_inode and is not affected. The impact is denial of service: the resizing task dies in a kernel oops, the filesystem is left mid-resize and should be checked with e2fsck -f after recovery, and on hosts with panic_on_oops the machine reboots. The bug itself yields no privilege escalation and no direct data corruption. Reaching it requires CAP_SYS_RESOURCE for the resize ioctl and normally CAP_SYS_ADMIN to mount the image in the first place, so it is a local, privileged trigger; the realistic threat is a corrupt or adversarial image (imported VM disk, USB media, restored backup) meeting routine automated resizing, not a remote attack. Given how widely ext4 is used across European data centres, enterprises and public sector infrastructure, unpatched hosts that automatically resize externally sourced images are the main concern.
Mitigation Recommendations
1. Apply the kernel update carrying the upstream fix "ext4: add reserved GDT blocks check"; distribution kernels ship it through their stable updates. With the fix, ext4_resize_begin() refuses the resize with EFSCORRUPTED and logs an ext4 error instead of crashing. Note that ext4 errors honour the errors= mount option, so a volume mounted with errors=panic still panics on the refusal, deliberately rather than by oops.
2. Always run e2fsck -f after tune2fs -O ^resize_inode and before the volume is mounted or resized again; e2fsck is what clears the stale reserved GDT block count.
3. Audit existing ext4 volumes before resizing: dumpe2fs -h DEVICE prints the "Filesystem features" line and the "Reserved GDT blocks" count. A volume that lacks resize_inode but reports a non-zero reserved GDT count is in the crashing state and must be checked with e2fsck -f before any resize2fs.
4. Restrict who can trigger resizes: the EXT4_IOC_RESIZE_FS ioctl needs CAP_SYS_RESOURCE, so keep that capability out of containers and service accounts, and do not auto-resize root filesystems built from images you did not create.
5. Monitor kernel logs: on unpatched kernels this bug appears as "BUG: kernel NULL pointer dereference" with ext4_flex_group_add in the RIP and ext4_resize_fs in the call trace; on patched kernels the same condition shows up as an ext4 error logged from ext4_resize_begin() together with a failed resize2fs.
6. In virtualized or containerized environments, snapshot the volume before resizing so a crash mid-resize can be rolled back.
7. Educate administrators that tune2fs feature changes which request an e2fsck are not complete until that e2fsck has run.
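The check the fix adds to ext4_resize_begin(), and the audit in item 3, as an added example that is not kernel or e2fsprogs code: a small C program that reads the primary ext4 superblock (1024 bytes at byte offset 1024) from a device or image file and applies the same condition the patched kernel and e2fsck enforce, namely that a filesystem without the resize_inode feature must report zero reserved GDT blocks. The field offsets and feature bits are those of the on-disk ext4 superblock; the program, function and type names are this example's own assumptions, and ext4_fake_superblock() builds constructed test data rather than a real filesystem.

```c
/*
 * ext4_gdt_check.c: flag the superblock state behind CVE-2022-49707
 * (resize_inode feature clear, s_reserved_gdt_blocks still non-zero).
 * Added example, not kernel or e2fsprogs code. Reads only the primary
 * superblock, so it works on an unmounted device or a raw image file.
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EXT4_SB_OFFSET                   1024
#define EXT4_SB_SIZE                     1024
#define EXT4_SUPER_MAGIC                 0xEF53
#define EXT4_FEATURE_COMPAT_RESIZE_INODE 0x0010u
#define EXT4_FEATURE_INCOMPAT_META_BG    0x0010u

/* Byte offsets inside struct ext4_super_block (all fields little-endian). */
#define SB_MAGIC               0x38 /* __le16 s_magic */
#define SB_FEATURE_COMPAT      0x5C /* __le32 s_feature_compat */
#define SB_FEATURE_INCOMPAT    0x60 /* __le32 s_feature_incompat */
#define SB_RESERVED_GDT_BLOCKS 0xCE /* __le16 s_reserved_gdt_blocks */

enum gdt_verdict {
    GDT_CONSISTENT   = 0, /* resize_inode set, or reserved GDT count is zero */
    GDT_INCONSISTENT = 1, /* the CVE-2022-49707 precondition: e2fsck -f first */
    GDT_NOT_EXT4     = 2  /* bad magic: not an ext2/3/4 superblock */
};

struct gdt_report {
    int      resize_inode; /* COMPAT_RESIZE_INODE set */
    int      meta_bg;      /* INCOMPAT_META_BG set */
    uint16_t reserved_gdt; /* s_reserved_gdt_blocks */
};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) { return le16(p) | ((uint32_t)le16(p + 2) << 16); }
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void put32(uint8_t *p, uint32_t v) { put16(p, (uint16_t)v); put16(p + 2, (uint16_t)(v >> 16)); }

/*
 * The condition the upstream fix adds to ext4_resize_begin(): with the
 * resize_inode feature clear no resize inode is ever loaded, so a non-zero
 * reserved GDT count would send ext4_flex_group_add() into reserve_backup_gdb()
 * holding a NULL inode pointer. Flag exactly that combination.
 */
enum gdt_verdict ext4_gdt_check(const uint8_t *sb, struct gdt_report *r)
{
    if (le16(sb + SB_MAGIC) != EXT4_SUPER_MAGIC)
        return GDT_NOT_EXT4;
    uint32_t compat   = le32(sb + SB_FEATURE_COMPAT);
    uint32_t incompat = le32(sb + SB_FEATURE_INCOMPAT);
    uint16_t reserved = le16(sb + SB_RESERVED_GDT_BLOCKS);
    if (r) {
        r->resize_inode = (compat & EXT4_FEATURE_COMPAT_RESIZE_INODE) != 0;
        r->meta_bg      = (incompat & EXT4_FEATURE_INCOMPAT_META_BG) != 0;
        r->reserved_gdt = reserved;
    }
    if (!(compat & EXT4_FEATURE_COMPAT_RESIZE_INODE) && reserved != 0)
        return GDT_INCONSISTENT;
    return GDT_CONSISTENT;
}

/* Constructed test data: a zeroed superblock carrying only the fields read above. */
void ext4_fake_superblock(uint8_t *sb, int resize_inode, int meta_bg, uint16_t reserved_gdt)
{
    memset(sb, 0, EXT4_SB_SIZE);
    put16(sb + SB_MAGIC, EXT4_SUPER_MAGIC);
    put32(sb + SB_FEATURE_COMPAT, resize_inode ? EXT4_FEATURE_COMPAT_RESIZE_INODE : 0);
    put32(sb + SB_FEATURE_INCOMPAT, meta_bg ? EXT4_FEATURE_INCOMPAT_META_BG : 0);
    put16(sb + SB_RESERVED_GDT_BLOCKS, reserved_gdt);
}

/* Read the primary superblock of a device or image; negative errno on I/O failure. */
int ext4_gdt_check_path(const char *path, struct gdt_report *r)
{
    uint8_t sb[EXT4_SB_SIZE];
    FILE *f = fopen(path, "rb");
    if (!f)
        return -errno;
    int ok = fseek(f, EXT4_SB_OFFSET, SEEK_SET) == 0 &&
             fread(sb, 1, EXT4_SB_SIZE, f) == EXT4_SB_SIZE;
    fclose(f);
    return ok ? (int)ext4_gdt_check(sb, r) : -EIO;
}

int main(int argc, char **argv)
{
    struct gdt_report r;
    if (argc != 2) {
        fprintf(stderr, "usage: %s /dev/sdX|image.img\n", argv[0]);
        return 2;
    }
    int v = ext4_gdt_check_path(argv[1], &r);
    if (v < 0 || v == GDT_NOT_EXT4) {
        fprintf(stderr, "%s: %s\n", argv[1], v < 0 ? strerror(-v) : "not an ext4 superblock");
        return 2;
    }
    printf("%s: resize_inode=%d meta_bg=%d reserved_gdt_blocks=%u -> %s\n", argv[1],
           r.resize_inode, r.meta_bg, r.reserved_gdt,
           v == GDT_INCONSISTENT ? "INCONSISTENT, run e2fsck -f before resizing" : "consistent");
    return v; /* exit status 0 consistent, 1 inconsistent */
}
```

Run it as root against the block device (or as any user against an image file) before handing the volume to resize2fs; exit status 1 means the volume is in the state that crashes unpatched kernels and needs e2fsck -f first. The program reads the primary superblock only, which is also the copy the kernel consults in ext4_resize_begin(); a backup superblock that disagrees is an e2fsck matter, not something this check resolves.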
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Denmark, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T02:21:30.444Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982cc4522896dcbe48e1
Added to database: 5/21/2025, 9:09:00 AM
Last enriched: 6/30/2025, 12:26:58 AM
Last updated: 8/14/2025, 12:44:49 PM