CVE-2022-49738: Vulnerability in the Linux kernel (f2fs)
In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to do sanity check on i_extra_isize in is_alive()

syzbot found a f2fs bug:

BUG: KASAN: slab-out-of-bounds in data_blkaddr fs/f2fs/f2fs.h:2891 [inline]
BUG: KASAN: slab-out-of-bounds in is_alive fs/f2fs/gc.c:1117 [inline]
BUG: KASAN: slab-out-of-bounds in gc_data_segment fs/f2fs/gc.c:1520 [inline]
BUG: KASAN: slab-out-of-bounds in do_garbage_collect+0x386a/0x3df0 fs/f2fs/gc.c:1734
Read of size 4 at addr ffff888076557568 by task kworker/u4:3/52

CPU: 1 PID: 52 Comm: kworker/u4:3 Not tainted 6.1.0-rc4-syzkaller-00362-gfef7fd48922d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Workqueue: writeback wb_workfn (flush-7:0)
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:284 [inline]
 print_report+0x15e/0x45d mm/kasan/report.c:395
 kasan_report+0xbb/0x1f0 mm/kasan/report.c:495
 data_blkaddr fs/f2fs/f2fs.h:2891 [inline]
 is_alive fs/f2fs/gc.c:1117 [inline]
 gc_data_segment fs/f2fs/gc.c:1520 [inline]
 do_garbage_collect+0x386a/0x3df0 fs/f2fs/gc.c:1734
 f2fs_gc+0x88c/0x20a0 fs/f2fs/gc.c:1831
 f2fs_balance_fs+0x544/0x6b0 fs/f2fs/segment.c:410
 f2fs_write_inode+0x57e/0xe20 fs/f2fs/inode.c:753
 write_inode fs/fs-writeback.c:1440 [inline]
 __writeback_single_inode+0xcfc/0x1440 fs/fs-writeback.c:1652
 writeback_sb_inodes+0x54d/0xf90 fs/fs-writeback.c:1870
 wb_writeback+0x2c5/0xd70 fs/fs-writeback.c:2044
 wb_do_writeback fs/fs-writeback.c:2187 [inline]
 wb_workfn+0x2dc/0x12f0 fs/fs-writeback.c:2227
 process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306

The root cause is that we forgot to do a sanity check on .i_extra_isize in the path below, resulting in an invalid address being accessed later; fix it.
- gc_data_segment
- is_alive
- data_blkaddr
- offset_in_addr
AI Analysis
Technical Summary
CVE-2022-49738 is a bug in the garbage collector of the Linux kernel's F2FS (Flash-Friendly File System). When GC reclaims a data segment, is_alive() in fs/f2fs/gc.c reads the node page that owns each candidate block and calls data_blkaddr() to fetch the block address stored at index offset_in_addr(inode) + ofs_in_node in that node's address array. For an inode node, offset_in_addr() is derived from the on-disk field i_extra_isize, the size of the extra attribute area that sits in front of the data addresses. That field was never sanity checked on the gc_data_segment -> is_alive -> data_blkaddr -> offset_in_addr path, so a corrupted or crafted value moved the lookup past the end of the node page; KASAN reported the result as a 4-byte slab-out-of-bounds read. In the syzbot report the path is entered from ordinary writeback (f2fs_write_inode -> f2fs_balance_fs -> f2fs_gc on a kworker thread), so once a volume carrying such an inode is mounted, routine housekeeping reaches the bug without any further user action. The precondition is an F2FS image with an invalid i_extra_isize, which makes mounting a corrupted or attacker-supplied filesystem the realistic trigger rather than normal use of a healthy one. The access is a read, not a write: with KASAN or panic_on_oops it is a crash, otherwise a misread that feeds a bogus block address into the liveness decision. Nothing in the report indicates memory corruption or a path to privilege escalation, so the impact supported by the evidence is denial of service. The fix adds the missing check in is_alive(). The bug was found by syzbot on 6.1.0-rc4; no public exploit was known and no CVSS score had been assigned when this entry was published. F2FS is used on flash media (eMMC, SD, some SSDs) in Android and other embedded devices and in some server and desktop installs, so exposure depends on whether a system mounts F2FS at all.
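The following is an added example written for this entry, not code from the kernel or from the advisory: a small model of the lookup described above, showing how an unvalidated i_extra_isize pushes the data_blkaddr() index off the 4 KiB node page, and the kind of check is_alive() needs before using the index. The struct is a simplified inode with only the fields this path touches, the sample inodes are constructed, and MAX_EXTRA_ISIZE_MODEL is an assumed bound for the model (the kernel has its own limit); F2FS_BLKSIZE, DEF_ADDRS_PER_INODE and F2FS_EXTRA_ATTR are real kernel constants.

```c
/*
 * Added example, not kernel code: models the f2fs is_alive() -> data_blkaddr()
 * lookup to show why i_extra_isize must be sanity checked before indexing.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define F2FS_BLKSIZE        4096u  /* size of a node page (real kernel constant) */
#define DEF_ADDRS_PER_INODE 923u   /* i_addr[] slots in an inode node (real) */
#define F2FS_EXTRA_ATTR     0x20u  /* i_inline bit: extra attrs present (real) */
#define ADDR_BYTES          sizeof(uint32_t)
/* ASSUMPTION: an upper bound on i_extra_isize used by this model only; the
 * kernel keeps its own limit. The extra area cannot be larger than i_addr[]. */
#define MAX_EXTRA_ISIZE_MODEL (DEF_ADDRS_PER_INODE * ADDR_BYTES)

/* Simplified on-disk inode: only the fields this code path touches.
 * In the real layout the extra attribute area overlays the start of i_addr. */
struct model_inode {
    uint8_t  i_inline;
    uint16_t i_extra_isize;               /* bytes of extra attrs before data addrs */
    uint32_t i_addr[DEF_ADDRS_PER_INODE]; /* block addresses of the file's data */
};

/* offset_in_addr(): how many i_addr[] slots the extra attribute area occupies. */
static unsigned offset_in_addr(const struct model_inode *ri)
{
    return (ri->i_inline & F2FS_EXTRA_ATTR) ? (unsigned)(ri->i_extra_isize / ADDR_BYTES) : 0u;
}

/* Byte offset inside the node page that an unchecked data_blkaddr() would read
 * for this inode and ofs_in_node (mirrors the base + ofs_in_node indexing). */
static size_t blkaddr_byte_offset(const struct model_inode *ri, unsigned ofs_in_node)
{
    return offsetof(struct model_inode, i_addr) +
           ((size_t)offset_in_addr(ri) + ofs_in_node) * ADDR_BYTES;
}

/* Vulnerable behaviour: true when the unchecked read would leave the 4 KiB
 * node page, i.e. the slab-out-of-bounds access KASAN reported. */
static bool unchecked_read_escapes_page(const struct model_inode *ri, unsigned ofs_in_node)
{
    return blkaddr_byte_offset(ri, ofs_in_node) + ADDR_BYTES > F2FS_BLKSIZE;
}

/* Hardened lookup: validate i_extra_isize and the final index before touching
 * i_addr[]. Returns false where the kernel would flag the fs for fsck and skip. */
static bool checked_data_blkaddr(const struct model_inode *ri, unsigned ofs_in_node,
                                 uint32_t *blkaddr)
{
    unsigned base = 0;

    if (ri->i_inline & F2FS_EXTRA_ATTR) {
        uint16_t esz = ri->i_extra_isize;
        /* must be 4-byte aligned and cannot exceed the area it overlays */
        if (esz % ADDR_BYTES != 0 || esz > MAX_EXTRA_ISIZE_MODEL)
            return false;
        base = esz / ADDR_BYTES;
    }
    /* the index check is needed even when the size passes the cap:
     * base + ofs_in_node can still run past the end of i_addr[] */
    if (base + ofs_in_node >= DEF_ADDRS_PER_INODE)
        return false;

    *blkaddr = ri->i_addr[base + ofs_in_node];
    return true;
}

/* Constructed input: an inode whose i_addr[i] holds the fake address 0x1000+i. */
static struct model_inode make_inode(uint16_t extra_isize, bool has_extra_attr)
{
    struct model_inode ri;
    memset(&ri, 0, sizeof ri);
    ri.i_inline = has_extra_attr ? F2FS_EXTRA_ATTR : 0;
    ri.i_extra_isize = extra_isize;
    for (unsigned i = 0; i < DEF_ADDRS_PER_INODE; i++)
        ri.i_addr[i] = 0x1000u + i;
    return ri;
}

int main(void)
{
    uint32_t addr = 0;
    struct model_inode sane = make_inode(36, true);    /* typical extra area */
    struct model_inode bad  = make_inode(60000, true); /* corrupted on disk */
    struct model_inode edge = make_inode(3688, true);  /* passes the size cap only */

    printf("sane: escapes page=%d checked=%d\n",
           unchecked_read_escapes_page(&sane, 10), checked_data_blkaddr(&sane, 10, &addr));
    printf("bad:  escapes page=%d checked=%d\n",
           unchecked_read_escapes_page(&bad, 0), checked_data_blkaddr(&bad, 0, &addr));
    printf("edge: escapes page=%d checked=%d\n",
           unchecked_read_escapes_page(&edge, 5), checked_data_blkaddr(&edge, 5, &addr));
    return 0;
}
```

The "bad" inode (i_extra_isize = 60000) gives base 15000, a byte offset of 60004 inside a 4096-byte page, which is the shape of the syzbot report. The "edge" inode shows why a size cap alone is not enough: 3688 is aligned and below the model's cap, yet base + ofs_in_node still lands past the end of i_addr[], so the index check must stay.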
Potential Impact
For European organizations the exposure is limited to systems that mount F2FS volumes, so the first question is whether F2FS is in use at all. Where it is, the realistic outcome is loss of availability: a kernel oops or panic in a writeback worker on a server, appliance or embedded device, which on mobile or OT hardware can become a reboot loop if the corrupted volume is remounted at boot. Infrastructure, cloud and telecommunications providers running Linux on flash-backed hosts, and operators of industrial or IoT fleets whose firmware ships F2FS, are the most likely to be affected. Because the bug is triggered by on-disk data, the attack vector is a crafted or corrupted F2FS image: removable media that is automounted, disk images attached to VMs or containers, or a device whose storage an attacker can write directly. It is not reachable over the network unless the system mounts attacker-supplied images. The report shows an out-of-bounds read, not a write, so code execution or privilege escalation is not supported by the available evidence; plan on availability impact and treat confidentiality and integrity impact as unestablished. Service disruption from kernel panics can still affect business continuity and obligations under EU regulations on availability and security of data. The absence of a public exploit lowers urgency without removing the need to patch.
Mitigation Recommendations
The fix is already merged upstream; the CVE was reserved in 2025 for a kernel commit that resolved a syzbot report from the 6.1-rc cycle. Update to a distribution or vendor kernel that carries the f2fs is_alive() sanity-check commit and confirm it in the changelog rather than relying on the version number alone; kernels built without CONFIG_F2FS_FS are not affected. To find exposure, check for mounted or loadable F2FS with findmnt -t f2fs, lsblk -f, grep f2fs /proc/filesystems and lsmod. Where F2FS is not needed, keep the module from loading (an "install f2fs /bin/false" line in a modprobe.d drop-in) instead of migrating data off working F2FS volumes, which is a larger change than this bug warrants. Until patched, do not mount untrusted F2FS images on affected kernels: disable automount of removable media on servers and workstations, and treat disk images supplied by tenants or customers as untrusted input. Run fsck.f2fs on volumes that have shown unexplained crashes in GC or writeback. Watch kernel logs for the oops signature (slab-out-of-bounds in is_alive or do_garbage_collect from the writeback workqueue), and note that panic_on_oops turns the crash into a reboot. KASLR and kernel lockdown do not prevent this out-of-bounds read; they are general hardening, not a mitigation for this bug. For embedded and IoT devices, obtain firmware updates from the vendor and verify the shipped kernel includes the fix. Keep backups and recovery procedures current in case a corrupted volume has to be rebuilt.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Estonia
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-03-27T16:39:17.986Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982cc4522896dcbe49cb
Added to database: 5/21/2025, 9:09:00 AM
Last enriched: 6/30/2025, 12:55:08 AM
Last updated: 7/30/2025, 12:55:18 AM