{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-49707", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T02:21:30.444Z", "datePublished": "2025-02-26T02:24:25.441Z", "dateUpdated": "2026-05-11T19:05:11.366Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T19:05:11.366Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: add reserved GDT blocks check\n\nWe capture a NULL pointer issue when resizing a corrupt ext4 image which\nis freshly clear resize_inode feature (not run e2fsck). It could be\nsimply reproduced by following steps. The problem is because of the\nresize_inode feature was cleared, and it will convert the filesystem to\nmeta_bg mode in ext4_resize_fs(), but the es->s_reserved_gdt_blocks was\nnot reduced to zero, so could we mistakenly call reserve_backup_gdb()\nand passing an uninitialized resize_inode to it when adding new group\ndescriptors.\n\n mkfs.ext4 /dev/sda 3G\n tune2fs -O ^resize_inode /dev/sda #forget to run requested e2fsck\n mount /dev/sda /mnt\n resize2fs /dev/sda 8G\n\n ========\n BUG: kernel NULL pointer dereference, address: 0000000000000028\n CPU: 19 PID: 3243 Comm: resize2fs Not tainted 5.18.0-rc7-00001-gfde086c5ebfd #748\n ...\n RIP: 0010:ext4_flex_group_add+0xe08/0x2570\n ...\n Call Trace:\n <TASK>\n ext4_resize_fs+0xbec/0x1660\n __ext4_ioctl+0x1749/0x24e0\n ext4_ioctl+0x12/0x20\n __x64_sys_ioctl+0xa6/0x110\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7f2dd739617b\n ========\n\nThe fix is simple, add a check in ext4_resize_begin() to make sure that\nthe es->s_reserved_gdt_blocks is zero when the resize_inode feature is\ndisabled."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ext4/resize.c"], "versions": [{"version": "1c6bd7173d66b3dfdefcedb38cabc1fb03997509", "lessThan": "0dc2fca8e4f9ac4a40e8424a10163369cca0cc06", "status": "affected", "versionType": "git"}, {"version": "1c6bd7173d66b3dfdefcedb38cabc1fb03997509", "lessThan": "7c921328ac760bba780bdace41f4cd045f7f1405", "status": "affected", "versionType": "git"}, {"version": "1c6bd7173d66b3dfdefcedb38cabc1fb03997509", "lessThan": "b9747263b13e5290ac4d63bec47e38f701303cad", "status": "affected", "versionType": "git"}, {"version": "1c6bd7173d66b3dfdefcedb38cabc1fb03997509", "lessThan": "fba54289176702a7caac0b64738406775817f451", "status": "affected", "versionType": "git"}, {"version": "1c6bd7173d66b3dfdefcedb38cabc1fb03997509", "lessThan": "bfd004a1d3a062aac300523d406ac1f3e5f1a82c", "status": "affected", "versionType": "git"}, {"version": "1c6bd7173d66b3dfdefcedb38cabc1fb03997509", "lessThan": "33b1bba31f4c784d33d2c2517964bdccdc9204cd", "status": "affected", "versionType": "git"}, {"version": "1c6bd7173d66b3dfdefcedb38cabc1fb03997509", "lessThan": "af75c481a2e45e70f62f5942c93695e95bf7bd21", "status": "affected", "versionType": "git"}, {"version": "1c6bd7173d66b3dfdefcedb38cabc1fb03997509", "lessThan": "b55c3cd102a6f48b90e61c44f7f3dda8c290c694", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ext4/resize.c"], "versions": [{"version": "3.7", "status": "affected"}, {"version": "0", "lessThan": "3.7", "status": "unaffected", "versionType": "semver"}, {"version": "4.9.320", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.285", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.249", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.200", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.124", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.49", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18.6", "lessThanOrEqual": "5.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.7", "versionEndExcluding": "4.9.320"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.7", "versionEndExcluding": "4.14.285"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.7", "versionEndExcluding": "4.19.249"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.7", "versionEndExcluding": "5.4.200"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.7", "versionEndExcluding": "5.10.124"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.7", "versionEndExcluding": "5.15.49"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.7", "versionEndExcluding": "5.18.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.7", "versionEndExcluding": "5.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0dc2fca8e4f9ac4a40e8424a10163369cca0cc06"}, {"url": "https://git.kernel.org/stable/c/7c921328ac760bba780bdace41f4cd045f7f1405"}, {"url": "https://git.kernel.org/stable/c/b9747263b13e5290ac4d63bec47e38f701303cad"}, {"url": "https://git.kernel.org/stable/c/fba54289176702a7caac0b64738406775817f451"}, {"url": "https://git.kernel.org/stable/c/bfd004a1d3a062aac300523d406ac1f3e5f1a82c"}, {"url": "https://git.kernel.org/stable/c/33b1bba31f4c784d33d2c2517964bdccdc9204cd"}, {"url": "https://git.kernel.org/stable/c/af75c481a2e45e70f62f5942c93695e95bf7bd21"}, {"url": "https://git.kernel.org/stable/c/b55c3cd102a6f48b90e61c44f7f3dda8c290c694"}], "title": "ext4: add reserved GDT blocks check", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-49707", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-01T19:32:29.329505Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-01T19:36:45.352Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-49707", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-01T19:32:29.329505Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-01T16:53:47.604Z"}}], "cna": {"title": "ext4: add reserved GDT blocks check", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1c6bd7173d66b3dfdefcedb38cabc1fb03997509", "lessThan": "0dc2fca8e4f9ac4a40e8424a10163369cca0cc06", "versionType": "git"}, {"status": "affected", "version": "1c6bd7173d66b3dfdefcedb38cabc1fb03997509", "lessThan": "7c921328ac760bba780bdace41f4cd045f7f1405", "versionType": "git"}, {"status": "affected", "version": "1c6bd7173d66b3dfdefcedb38cabc1fb03997509", "lessThan": "b9747263b13e5290ac4d63bec47e38f701303cad", "versionType": "git"}, {"status": "affected", "version": "1c6bd7173d66b3dfdefcedb38cabc1fb03997509", "lessThan": "fba54289176702a7caac0b64738406775817f451", "versionType": "git"}, {"status": "affected", "version": "1c6bd7173d66b3dfdefcedb38cabc1fb03997509", "lessThan": "bfd004a1d3a062aac300523d406ac1f3e5f1a82c", "versionType": "git"}, {"status": "affected", "version": "1c6bd7173d66b3dfdefcedb38cabc1fb03997509", "lessThan": "33b1bba31f4c784d33d2c2517964bdccdc9204cd", "versionType": "git"}, {"status": "affected", "version": "1c6bd7173d66b3dfdefcedb38cabc1fb03997509", "lessThan": "af75c481a2e45e70f62f5942c93695e95bf7bd21", "versionType": "git"}, {"status": "affected", "version": "1c6bd7173d66b3dfdefcedb38cabc1fb03997509", "lessThan": "b55c3cd102a6f48b90e61c44f7f3dda8c290c694", "versionType": "git"}], "programFiles": ["fs/ext4/resize.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3.7"}, {"status": "unaffected", "version": "0", "lessThan": "3.7", "versionType": "semver"}, {"status": "unaffected", "version": "4.9.320", "versionType": "semver", "lessThanOrEqual": "4.9.*"}, {"status": "unaffected", "version": "4.14.285", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.249", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.200", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.124", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.49", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.18.6", "versionType": "semver", "lessThanOrEqual": "5.18.*"}, {"status": "unaffected", "version": "5.19", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/ext4/resize.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/0dc2fca8e4f9ac4a40e8424a10163369cca0cc06"}, {"url": "https://git.kernel.org/stable/c/7c921328ac760bba780bdace41f4cd045f7f1405"}, {"url": "https://git.kernel.org/stable/c/b9747263b13e5290ac4d63bec47e38f701303cad"}, {"url": "https://git.kernel.org/stable/c/fba54289176702a7caac0b64738406775817f451"}, {"url": "https://git.kernel.org/stable/c/bfd004a1d3a062aac300523d406ac1f3e5f1a82c"}, {"url": "https://git.kernel.org/stable/c/33b1bba31f4c784d33d2c2517964bdccdc9204cd"}, {"url": "https://git.kernel.org/stable/c/af75c481a2e45e70f62f5942c93695e95bf7bd21"}, {"url": "https://git.kernel.org/stable/c/b55c3cd102a6f48b90e61c44f7f3dda8c290c694"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: add reserved GDT blocks check\n\nWe capture a NULL pointer issue when resizing a corrupt ext4 image which\nis freshly clear resize_inode feature (not run e2fsck). It could be\nsimply reproduced by following steps. The problem is because of the\nresize_inode feature was cleared, and it will convert the filesystem to\nmeta_bg mode in ext4_resize_fs(), but the es->s_reserved_gdt_blocks was\nnot reduced to zero, so could we mistakenly call reserve_backup_gdb()\nand passing an uninitialized resize_inode to it when adding new group\ndescriptors.\n\n mkfs.ext4 /dev/sda 3G\n tune2fs -O ^resize_inode /dev/sda #forget to run requested e2fsck\n mount /dev/sda /mnt\n resize2fs /dev/sda 8G\n\n ========\n BUG: kernel NULL pointer dereference, address: 0000000000000028\n CPU: 19 PID: 3243 Comm: resize2fs Not tainted 5.18.0-rc7-00001-gfde086c5ebfd #748\n ...\n RIP: 0010:ext4_flex_group_add+0xe08/0x2570\n ...\n Call Trace:\n <TASK>\n ext4_resize_fs+0xbec/0x1660\n __ext4_ioctl+0x1749/0x24e0\n ext4_ioctl+0x12/0x20\n __x64_sys_ioctl+0xa6/0x110\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7f2dd739617b\n ========\n\nThe fix is simple, add a check in ext4_resize_begin() to make sure that\nthe es->s_reserved_gdt_blocks is zero when the resize_inode feature is\ndisabled."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.9.320", "versionStartIncluding": "3.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.14.285", "versionStartIncluding": "3.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.19.249", "versionStartIncluding": "3.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.200", "versionStartIncluding": "3.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.124", "versionStartIncluding": "3.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.49", "versionStartIncluding": "3.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.18.6", "versionStartIncluding": "3.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.19", "versionStartIncluding": "3.7"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-23T13:25:08.007Z"}}}, "cveMetadata": {"cveId": "CVE-2022-49707", "state": "PUBLISHED", "dateUpdated": "2025-12-23T13:25:08.007Z", "dateReserved": "2025-02-26T02:21:30.444Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2025-02-26T02:24:25.441Z", "assignerShortName": "Linux"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF939175-79DE-4866-B38C-4C8F9896B785", "versionEndExcluding": "4.9.320", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D4E7BA7-6B66-4B9A-991A-AD516DADF77D", "versionEndExcluding": "4.14.285", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A08E48B-CA77-4A21-9558-17D61C146BE9", "versionEndExcluding": "4.19.249", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "80B2AE57-4A7E-40BB-8C83-33D4436CE199", "versionEndExcluding": "5.4.200", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6442F2CD-FF1C-4574-9948-138835E635D7", "versionEndExcluding": "5.10.124", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "697D250E-E0A4-41BE-BB54-96385E129206", "versionEndExcluding": "5.15.49", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDD33A19-B51E-4090-A47B-073098916815", "versionEndExcluding": "5.18.6", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "A8C30C2D-F82D-4D37-AB48-D76ABFBD5377", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "BF8547FC-C849-4F1B-804B-A93AE2F04A92", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: add reserved GDT blocks check\n\nWe capture a NULL pointer issue when resizing a corrupt ext4 image which\nis freshly clear resize_inode feature (not run e2fsck). It could be\nsimply reproduced by following steps. The problem is because of the\nresize_inode feature was cleared, and it will convert the filesystem to\nmeta_bg mode in ext4_resize_fs(), but the es->s_reserved_gdt_blocks was\nnot reduced to zero, so could we mistakenly call reserve_backup_gdb()\nand passing an uninitialized resize_inode to it when adding new group\ndescriptors.\n\n mkfs.ext4 /dev/sda 3G\n tune2fs -O ^resize_inode /dev/sda #forget to run requested e2fsck\n mount /dev/sda /mnt\n resize2fs /dev/sda 8G\n\n ========\n BUG: kernel NULL pointer dereference, address: 0000000000000028\n CPU: 19 PID: 3243 Comm: resize2fs Not tainted 5.18.0-rc7-00001-gfde086c5ebfd #748\n ...\n RIP: 0010:ext4_flex_group_add+0xe08/0x2570\n ...\n Call Trace:\n <TASK>\n ext4_resize_fs+0xbec/0x1660\n __ext4_ioctl+0x1749/0x24e0\n ext4_ioctl+0x12/0x20\n __x64_sys_ioctl+0xa6/0x110\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7f2dd739617b\n ========\n\nThe fix is simple, add a check in ext4_resize_begin() to make sure that\nthe es->s_reserved_gdt_blocks is zero when the resize_inode feature is\ndisabled."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: agregar bloques GDT reservados comprobar Capturamos un problema de puntero NULL al cambiar el tama\u00f1o de una imagen ext4 corrupta que reci\u00e9n borra la caracter\u00edstica resize_inode (no ejecuta e2fsck). Podr\u00eda reproducirse simplemente siguiendo los pasos. El problema se debe a que se borr\u00f3 la caracter\u00edstica resize_inode y convertir\u00e1 el sistema de archivos al modo meta_bg en ext4_resize_fs(), pero es-&gt;s_reserved_gdt_blocks no se redujo a cero, por lo que podr\u00edamos llamar por error a reserve_backup_gdb() y pasarle un resize_inode no inicializado al agregar nuevos descriptores de grupo. mkfs.ext4 /dev/sda 3G tune2fs -O ^resize_inode /dev/sda #olvid\u00e9 ejecutar el montaje e2fsck solicitado /dev/sda /mnt resize2fs /dev/sda 8G ======== ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000028 CPU: 19 PID: 3243 Comm: resize2fs No contaminado 5.18.0-rc7-00001-gfde086c5ebfd #748 ... RIP: 0010:ext4_flex_group_add+0xe08/0x2570 ... Seguimiento de llamadas: ext4_resize_fs+0xbec/0x1660 __ext4_ioctl+0x1749/0x24e0 ext4_ioctl+0x12/0x20 __x64_sys_ioctl+0xa6/0x110 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f2dd739617b ======== La soluci\u00f3n es simple, agregue una comprobaci\u00f3n en ext4_resize_begin() para asegurarse de que es-&gt;s_reserved_gdt_blocks sea cero cuando la funci\u00f3n resize_inode est\u00e9 deshabilitada."}], "id": "CVE-2022-49707", "lastModified": "2025-10-01T20:17:06.913", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-02-26T07:01:46.500", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0dc2fca8e4f9ac4a40e8424a10163369cca0cc06"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/33b1bba31f4c784d33d2c2517964bdccdc9204cd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7c921328ac760bba780bdace41f4cd045f7f1405"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/af75c481a2e45e70f62f5942c93695e95bf7bd21"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b55c3cd102a6f48b90e61c44f7f3dda8c290c694"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b9747263b13e5290ac4d63bec47e38f701303cad"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bfd004a1d3a062aac300523d406ac1f3e5f1a82c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fba54289176702a7caac0b64738406775817f451"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2022:7683", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-425.3.1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-11-08T00:00:00Z"}, {"advisory": "RHSA-2022:8267", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.6.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}, {"advisory": "RHSA-2022:8267", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.6.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}], "bugzilla": {"description": "kernel: ext4: add reserved GDT blocks check", "id": "2348100", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348100"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\next4: add reserved GDT blocks check\nWe capture a NULL pointer issue when resizing a corrupt ext4 image which\nis freshly clear resize_inode feature (not run e2fsck). It could be\nsimply reproduced by following steps. The problem is because of the\nresize_inode feature was cleared, and it will convert the filesystem to\nmeta_bg mode in ext4_resize_fs(), but the es->s_reserved_gdt_blocks was\nnot reduced to zero, so could we mistakenly call reserve_backup_gdb()\nand passing an uninitialized resize_inode to it when adding new group\ndescriptors.\nmkfs.ext4 /dev/sda 3G\ntune2fs -O ^resize_inode /dev/sda #forget to run requested e2fsck\nmount /dev/sda /mnt\nresize2fs /dev/sda 8G\n========\nBUG: kernel NULL pointer dereference, address: 0000000000000028\nCPU: 19 PID: 3243 Comm: resize2fs Not tainted 5.18.0-rc7-00001-gfde086c5ebfd #748\n...\nRIP: 0010:ext4_flex_group_add+0xe08/0x2570\n...\nCall Trace:\n<TASK>\next4_resize_fs+0xbec/0x1660\n__ext4_ioctl+0x1749/0x24e0\next4_ioctl+0x12/0x20\n__x64_sys_ioctl+0xa6/0x110\ndo_syscall_64+0x3b/0x90\nentry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f2dd739617b\n========\nThe fix is simple, add a check in ext4_resize_begin() to make sure that\nthe es->s_reserved_gdt_blocks is zero when the resize_inode feature is\ndisabled.", "A flaw was found in the ext4 module in the Linux kernel. Resizing a corrupt ext4 image can cause a NULL pointer dereference due to a missing check if the reserved GDT blocks is zero when the resize_inode feature is disabled, resulting in a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-49707", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49707\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49707\nhttps://lore.kernel.org/linux-cve-announce/2025022630-CVE-2022-49707-c4b7@gregkh/T"], "statement": "This issue has been fixed in Red Hat Enterprise Linux 8.7 and 9.1 via RHSA-2022:7683 [1] and RHSA-2022:8267 [2], respectively.\n[1]. https://access.redhat.com/errata/RHSA-2022:7683\n[2]. https://access.redhat.com/errata/RHSA-2022:8267", "threat_severity": "Moderate"}

{}