CVE-2022-49850: Vulnerability in Linux Linux

Medium
Published: Thu May 01 2025 (05/01/2025, 14:10:05 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix deadlock in nilfs_count_free_blocks()

A semaphore deadlock can occur if nilfs_get_block() detects metadata corruption while locating data blocks and a superblock writeback occurs at the same time:

    task 1                               task 2
    ------                               ------
    * A file operation *
    nilfs_truncate()
      nilfs_get_block()
        down_read(rwsem A) <--
        nilfs_bmap_lookup_contig()
          ...                            generic_shutdown_super()
                                           nilfs_put_super()
                                             * Prepare to write superblock *
                                             down_write(rwsem B) <--
                                             nilfs_cleanup_super()
          * Detect b-tree corruption *         nilfs_set_log_cursor()
          nilfs_bmap_convert_error()             nilfs_count_free_blocks()
            __nilfs_error()                        down_read(rwsem A) <--
              nilfs_set_error()
                down_write(rwsem B) <--

                               *** DEADLOCK ***

Here, nilfs_get_block() readlocks rwsem A (= NILFS_MDT(dat_inode)->mi_sem) and then calls nilfs_bmap_lookup_contig(), but if it fails due to metadata corruption, __nilfs_error() is called from nilfs_bmap_convert_error() inside the lock section.

Since __nilfs_error() calls nilfs_set_error() unless the filesystem is read-only and nilfs_set_error() attempts to writelock rwsem B (= nilfs->ns_sem) to write back superblock exclusively, hierarchical lock acquisition occurs in the order rwsem A -> rwsem B.

Now, if another task starts updating the superblock, it may writelock rwsem B during the lock sequence above, and can deadlock trying to readlock rwsem A in nilfs_count_free_blocks().

However, there is actually no need to take rwsem A in nilfs_count_free_blocks() because it, within the lock section, only reads a single integer data on a shared struct with nilfs_sufile_get_ncleansegs(). This has been the case after commit aa474a220180 ("nilfs2: add local variable to cache the number of clean segments"), that is, even before this bug was introduced.

So, this resolves the deadlock problem by just not taking the semaphore in nilfs_count_free_blocks().

AI-Powered Analysis

Last updated: 06/30/2025, 02:28:09 UTC

Technical Analysis

CVE-2022-49850 is a concurrency vulnerability in the Linux kernel's NILFS2 (New Implementation of a Log-structured File System) subsystem. It is a deadlock between two read-write semaphores, rwsem A (NILFS_MDT(dat_inode)->mi_sem) and rwsem B (nilfs->ns_sem), which protect metadata structures during file operations and superblock writebacks.

nilfs_get_block() read-locks rwsem A and then calls nilfs_bmap_lookup_contig(). If that lookup fails because of metadata corruption, nilfs_bmap_convert_error() calls __nilfs_error() while rwsem A is still held, and, unless the filesystem is read-only, __nilfs_error() calls nilfs_set_error(), which write-locks rwsem B to write back the superblock. This path therefore acquires rwsem A and then rwsem B. Concurrently, another task performing a superblock update may write-lock rwsem B first and then try to read-lock rwsem A in nilfs_count_free_blocks(), so each task waits for a semaphore the other holds.

The root cause is that nilfs_count_free_blocks() takes rwsem A unnecessarily: inside the lock section it only reads a single integer from a shared struct through nilfs_sufile_get_ncleansegs(), which does not require the lock. The fix removes the acquisition of rwsem A in nilfs_count_free_blocks(), eliminating the lock order inversion. The vulnerability is relevant to systems using the NILFS2 filesystem on Linux kernel versions containing the specified commit hashes. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
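The lock order inversion described above can be checked mechanically. The following is an added example, not kernel code and not part of the original advisory: a small lock-order checker that records the nesting order of each path and looks for a cycle. The path arrays and function names are hypothetical, and read and write modes are deliberately not distinguished.

```c
#include <stdio.h>

/* Lock ids as named on this page:
 * A = NILFS_MDT(dat_inode)->mi_sem, B = nilfs->ns_sem. */
enum { RWSEM_A, RWSEM_B, NLOCKS };

/* A path lists locks in nested acquisition order, ending with -1.
 * Simplification (assumption): read and write mode are not distinguished. */
static const int path_get_block[]      = { RWSEM_A, RWSEM_B, -1 }; /* task 1 */
static const int path_count_free_old[] = { RWSEM_B, RWSEM_A, -1 }; /* task 2, unpatched */
static const int path_count_free_new[] = { RWSEM_B, -1 };          /* task 2, patched */

/* Record a "held -> then acquired" edge for every nested pair. */
static void add_path(int edge[NLOCKS][NLOCKS], const int *path)
{
    for (int i = 0; path[i] >= 0; i++)
        for (int j = i + 1; path[j] >= 0; j++)
            edge[path[i]][path[j]] = 1;
}

/* Depth-first search: is 'target' reachable from 'from' along edges? */
static int reaches(int edge[NLOCKS][NLOCKS], int from, int target, int *seen)
{
    if (seen[from]) return 0;
    seen[from] = 1;
    for (int n = 0; n < NLOCKS; n++)
        if (edge[from][n] && (n == target || reaches(edge, n, target, seen)))
            return 1;
    return 0;
}

/* Returns 1 if the two paths together put a cycle in the lock order. */
int can_deadlock(const int *p1, const int *p2)
{
    int edge[NLOCKS][NLOCKS] = {{0}};
    add_path(edge, p1);
    add_path(edge, p2);
    for (int l = 0; l < NLOCKS; l++) {
        int seen[NLOCKS] = {0};
        if (reaches(edge, l, l, seen)) return 1;
    }
    return 0;
}

int deadlock_before_fix(void) { return can_deadlock(path_get_block, path_count_free_old); }
int deadlock_after_fix(void)  { return can_deadlock(path_get_block, path_count_free_new); }

int main(void) { printf("unpatched: %d, patched: %d\n", deadlock_before_fix(), deadlock_after_fix()); return 0; }
```

Once nilfs_count_free_blocks() no longer takes rwsem A, the only remaining edge is A -> B and the cycle disappears.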

Potential Impact

For European organizations, the impact of CVE-2022-49850 primarily concerns systems running Linux with NILFS2 filesystems, which are less common than ext4 or XFS but may be used in specialized environments requiring log-structured filesystems for high-performance or fault-tolerant storage. The deadlock can cause system hangs or unresponsiveness during file operations or superblock updates, potentially leading to denial of service (DoS) conditions. This can disrupt critical services, especially in data centers, cloud infrastructure, or embedded systems relying on Linux. Although this vulnerability does not directly lead to privilege escalation or data corruption, the availability impact can affect business continuity and operational stability. European organizations with Linux-based infrastructure should assess their use of NILFS2 and consider the risk of deadlocks causing system outages. Since no known exploits exist, the threat is moderate but warrants timely patching to avoid potential service disruptions.

Mitigation Recommendations

1. Apply the official Linux kernel patch that removes the unnecessary semaphore acquisition in nilfs_count_free_blocks() as soon as it becomes available in your distribution's kernel updates.
2. Identify and inventory systems using NILFS2 filesystems; if NILFS2 is not in use, the risk is negligible.
3. For critical systems where immediate patching is not feasible, consider temporarily avoiding workloads that trigger heavy metadata operations or superblock writebacks on NILFS2 volumes.
4. Implement monitoring for kernel deadlocks or system hangs related to NILFS2 operations to detect potential exploitation or manifestation of this issue.
5. Engage with Linux distribution vendors to confirm patch availability and backport status for long-term support kernels commonly used in European enterprise environments.
6. Review system logs for nilfs-related errors or warnings that may indicate corruption or deadlock conditions and proactively remediate filesystem issues.
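For the monitoring and log review in items 4 and 6, one possible check is to count kernel hung-task reports whose call trace contains a frame from the nilfs2 module. This is an added example, not part of the original advisory; the log text is a constructed sample (task names, PIDs and offsets are made up) and the function name is hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample of kernel log output (not from a real system). */
static const char SAMPLE_LOG[] =
    "INFO: task umount:4321 blocked for more than 120 seconds.\n"
    "Call Trace:\n"
    " __schedule+0x2f0/0x9a0\n"
    " rwsem_down_read_slowpath+0x1b2/0x4c0\n"
    " nilfs_count_free_blocks+0x2a/0x90 [nilfs2]\n"
    " nilfs_set_log_cursor+0x41/0xb0 [nilfs2]\n"
    "INFO: task kworker/0:1:17 blocked for more than 120 seconds.\n"
    "Call Trace:\n"
    " __schedule+0x2f0/0x9a0\n"
    " io_schedule+0x12/0x40\n";

/* Count hung-task reports whose stack has a frame from the nilfs2 module. */
int count_nilfs_hung_tasks(const char *log)
{
    int hits = 0, in_report = 0, counted = 0;

    while (*log) {
        const char *eol = strchr(log, '\n');
        size_t len = eol ? (size_t)(eol - log) : strlen(log);
        char line[256];

        if (len >= sizeof line)
            len = sizeof line - 1;            /* truncate over-long lines */
        memcpy(line, log, len);
        line[len] = '\0';

        if (strstr(line, "blocked for more than")) {
            in_report = 1;                    /* a new hung-task report starts */
            counted = 0;
        } else if (in_report && !counted && strstr(line, "[nilfs2]")) {
            hits++;                           /* count each report only once */
            counted = 1;
        }
        log = eol ? eol + 1 : log + strlen(log);
    }
    return hits;
}

int main(void) { printf("%d\n", count_nilfs_hung_tasks(SAMPLE_LOG)); return 0; }
```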

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-05-01T14:05:17.230Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982cc4522896dcbe4e44

Added to database: 5/21/2025, 9:09:00 AM

Last enriched: 6/30/2025, 2:28:09 AM

Last updated: 7/31/2025, 12:59:12 AM
