{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-50021", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-06-18T10:57:27.393Z", "datePublished": "2025-06-18T11:01:25.045Z", "dateUpdated": "2026-05-11T19:11:15.182Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T19:11:15.182Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: block range must be validated before use in ext4_mb_clear_bb()\n\nBlock range to free is validated in ext4_free_blocks() using\next4_inode_block_valid() and then it's passed to ext4_mb_clear_bb().\nHowever in some situations on bigalloc file system the range might be\nadjusted after the validation in ext4_free_blocks() which can lead to\ntroubles on corrupted file systems such as one found by syzkaller that\nresulted in the following BUG\n\nkernel BUG at fs/ext4/ext4.h:3319!\nPREEMPT SMP NOPTI\nCPU: 28 PID: 4243 Comm: repro Kdump: loaded Not tainted 5.19.0-rc6+ #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1.fc35 04/01/2014\nRIP: 0010:ext4_free_blocks+0x95e/0xa90\nCall Trace:\n <TASK>\n ? lock_timer_base+0x61/0x80\n ? __es_remove_extent+0x5a/0x760\n ? __mod_timer+0x256/0x380\n ? ext4_ind_truncate_ensure_credits+0x90/0x220\n ext4_clear_blocks+0x107/0x1b0\n ext4_free_data+0x15b/0x170\n ext4_ind_truncate+0x214/0x2c0\n ? _raw_spin_unlock+0x15/0x30\n ? ext4_discard_preallocations+0x15a/0x410\n ? ext4_journal_check_start+0xe/0x90\n ? __ext4_journal_start_sb+0x2f/0x110\n ext4_truncate+0x1b5/0x460\n ? __ext4_journal_start_sb+0x2f/0x110\n ext4_evict_inode+0x2b4/0x6f0\n evict+0xd0/0x1d0\n ext4_enable_quotas+0x11f/0x1f0\n ext4_orphan_cleanup+0x3de/0x430\n ? proc_create_seq_private+0x43/0x50\n ext4_fill_super+0x295f/0x3ae0\n ? snprintf+0x39/0x40\n ? sget_fc+0x19c/0x330\n ? ext4_reconfigure+0x850/0x850\n get_tree_bdev+0x16d/0x260\n vfs_get_tree+0x25/0xb0\n path_mount+0x431/0xa70\n __x64_sys_mount+0xe2/0x120\n do_syscall_64+0x5b/0x80\n ? do_user_addr_fault+0x1e2/0x670\n ? exc_page_fault+0x70/0x170\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033:0x7fdf4e512ace\n\nFix it by making sure that the block range is properly validated before\nused every time it changes in ext4_free_blocks() or ext4_mb_clear_bb()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ext4/mballoc.c"], "versions": [{"version": "84130193e0e6568dfdfb823f0e1e19aec80aff6e", "lessThan": "7550aade978371ac582f6d43b14c4cb89ca54463", "status": "affected", "versionType": "git"}, {"version": "84130193e0e6568dfdfb823f0e1e19aec80aff6e", "lessThan": "560a2744cbbf03cac65a6394f9b0d99aa437c867", "status": "affected", "versionType": "git"}, {"version": "84130193e0e6568dfdfb823f0e1e19aec80aff6e", "lessThan": "a2522041d248a8c969cbbc97e1fc2cd8b4de120d", "status": "affected", "versionType": "git"}, {"version": "84130193e0e6568dfdfb823f0e1e19aec80aff6e", "lessThan": "1e1c2b86ef86a8477fd9b9a4f48a6bfe235606f6", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ext4/mballoc.c"], "versions": [{"version": "3.2", "status": "affected"}, {"version": "0", "lessThan": "3.2", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.175", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.103", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19.4", "lessThanOrEqual": "5.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.2", "versionEndExcluding": "5.10.175"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.2", "versionEndExcluding": "5.15.103"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.2", "versionEndExcluding": "5.19.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.2", "versionEndExcluding": "6.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/7550aade978371ac582f6d43b14c4cb89ca54463"}, {"url": "https://git.kernel.org/stable/c/560a2744cbbf03cac65a6394f9b0d99aa437c867"}, {"url": "https://git.kernel.org/stable/c/a2522041d248a8c969cbbc97e1fc2cd8b4de120d"}, {"url": "https://git.kernel.org/stable/c/1e1c2b86ef86a8477fd9b9a4f48a6bfe235606f6"}], "title": "ext4: block range must be validated before use in ext4_mb_clear_bb()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0087A626-8E12-4ADA-AF5C-85736C0B7E84", "versionEndExcluding": "5.10.175", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A57CCEF-C453-48CE-9A6E-71A03C369F61", "versionEndExcluding": "5.15.103", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E669300-DA42-4ACD-86D8-68BE5F29FB88", "versionEndExcluding": "5.19.4", "versionStartIncluding": "5.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: block range must be validated before use in ext4_mb_clear_bb()\n\nBlock range to free is validated in ext4_free_blocks() using\next4_inode_block_valid() and then it's passed to ext4_mb_clear_bb().\nHowever in some situations on bigalloc file system the range might be\nadjusted after the validation in ext4_free_blocks() which can lead to\ntroubles on corrupted file systems such as one found by syzkaller that\nresulted in the following BUG\n\nkernel BUG at fs/ext4/ext4.h:3319!\nPREEMPT SMP NOPTI\nCPU: 28 PID: 4243 Comm: repro Kdump: loaded Not tainted 5.19.0-rc6+ #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1.fc35 04/01/2014\nRIP: 0010:ext4_free_blocks+0x95e/0xa90\nCall Trace:\n <TASK>\n ? lock_timer_base+0x61/0x80\n ? __es_remove_extent+0x5a/0x760\n ? __mod_timer+0x256/0x380\n ? ext4_ind_truncate_ensure_credits+0x90/0x220\n ext4_clear_blocks+0x107/0x1b0\n ext4_free_data+0x15b/0x170\n ext4_ind_truncate+0x214/0x2c0\n ? _raw_spin_unlock+0x15/0x30\n ? ext4_discard_preallocations+0x15a/0x410\n ? ext4_journal_check_start+0xe/0x90\n ? __ext4_journal_start_sb+0x2f/0x110\n ext4_truncate+0x1b5/0x460\n ? __ext4_journal_start_sb+0x2f/0x110\n ext4_evict_inode+0x2b4/0x6f0\n evict+0xd0/0x1d0\n ext4_enable_quotas+0x11f/0x1f0\n ext4_orphan_cleanup+0x3de/0x430\n ? proc_create_seq_private+0x43/0x50\n ext4_fill_super+0x295f/0x3ae0\n ? snprintf+0x39/0x40\n ? sget_fc+0x19c/0x330\n ? ext4_reconfigure+0x850/0x850\n get_tree_bdev+0x16d/0x260\n vfs_get_tree+0x25/0xb0\n path_mount+0x431/0xa70\n __x64_sys_mount+0xe2/0x120\n do_syscall_64+0x5b/0x80\n ? do_user_addr_fault+0x1e2/0x670\n ? exc_page_fault+0x70/0x170\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033:0x7fdf4e512ace\n\nFix it by making sure that the block range is properly validated before\nused every time it changes in ext4_free_blocks() or ext4_mb_clear_bb()."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: el rango de bloques debe validarse antes de su uso en ext4_mb_clear_bb(). El rango de bloques a liberar se valida en ext4_free_blocks() mediante ext4_inode_block_valid() y luego se pasa a ext4_mb_clear_bb(). Sin embargo, en algunas situaciones en el sistema de archivos bigalloc, el rango podr\u00eda ajustarse despu\u00e9s de la validaci\u00f3n en ext4_free_blocks(), lo que puede causar problemas en sistemas de archivos da\u00f1ados, como el detectado por syzkaller, que result\u00f3 en el siguiente error del kernel en fs/ext4/ext4.h:3319. PREEMPT SMP NOPTI CPU: 28 PID: 4243 Comm: repro Kdump: cargado No contaminado 5.19.0-rc6+ #1 Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1.fc35 01/04/2014 RIP: 0010:ext4_free_blocks+0x95e/0xa90 Rastreo de llamadas ? lock_timer_base+0x61/0x80 ? __es_remove_extent+0x5a/0x760 ? __mod_timer+0x256/0x380 ? ext4_ind_truncate_ensure_credits+0x90/0x220 ext4_clear_blocks+0x107/0x1b0 ext4_free_data+0x15b/0x170 ext4_ind_truncate+0x214/0x2c0 ? _raw_spin_unlock+0x15/0x30 ? ext4_discard_preallocations+0x15a/0x410 ? ext4_journal_check_start+0xe/0x90 ? __ext4_journal_start_sb+0x2f/0x110 ext4_truncate+0x1b5/0x460 ? __ext4_journal_start_sb+0x2f/0x110 ext4_evict_inode+0x2b4/0x6f0 evict+0xd0/0x1d0 ext4_enable_quotas+0x11f/0x1f0 ext4_orphan_cleanup+0x3de/0x430 ? proc_create_seq_private+0x43/0x50 ext4_fill_super+0x295f/0x3ae0 ? snprintf+0x39/0x40 ? sget_fc+0x19c/0x330 ? ext4_reconfigure+0x850/0x850 get_tree_bdev+0x16d/0x260 vfs_get_tree+0x25/0xb0 path_mount+0x431/0xa70 __x64_sys_mount+0xe2/0x120 do_syscall_64+0x5b/0x80 ? do_user_addr_fault+0x1e2/0x670 ? exc_page_fault+0x70/0x170 entry_SYSCALL_64_after_hwframe+0x46/0xb0 RIP: 0033:0x7fdf4e512ace Corr\u00edjalo asegur\u00e1ndose de que el rango de bloques est\u00e9 validado correctamente antes de usarse cada vez que cambie en ext4_free_blocks() o ext4_mb_clear_bb()."}], "id": "CVE-2022-50021", "lastModified": "2025-11-13T19:39:43.620", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-06-18T11:15:30.280", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1e1c2b86ef86a8477fd9b9a4f48a6bfe235606f6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/560a2744cbbf03cac65a6394f9b0d99aa437c867"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7550aade978371ac582f6d43b14c4cb89ca54463"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a2522041d248a8c969cbbc97e1fc2cd8b4de120d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ext4: block range must be validated before use in ext4_mb_clear_bb()", "id": "2373492", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373492"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\next4: block range must be validated before use in ext4_mb_clear_bb()\nBlock range to free is validated in ext4_free_blocks() using\next4_inode_block_valid() and then it's passed to ext4_mb_clear_bb().\nHowever in some situations on bigalloc file system the range might be\nadjusted after the validation in ext4_free_blocks() which can lead to\ntroubles on corrupted file systems such as one found by syzkaller that\nresulted in the following BUG\nkernel BUG at fs/ext4/ext4.h:3319!\nPREEMPT SMP NOPTI\nCPU: 28 PID: 4243 Comm: repro Kdump: loaded Not tainted 5.19.0-rc6+ #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1.fc35 04/01/2014\nRIP: 0010:ext4_free_blocks+0x95e/0xa90\nCall Trace:\n<TASK>\n? lock_timer_base+0x61/0x80\n? __es_remove_extent+0x5a/0x760\n? __mod_timer+0x256/0x380\n? ext4_ind_truncate_ensure_credits+0x90/0x220\next4_clear_blocks+0x107/0x1b0\next4_free_data+0x15b/0x170\next4_ind_truncate+0x214/0x2c0\n? _raw_spin_unlock+0x15/0x30\n? ext4_discard_preallocations+0x15a/0x410\n? ext4_journal_check_start+0xe/0x90\n? __ext4_journal_start_sb+0x2f/0x110\next4_truncate+0x1b5/0x460\n? __ext4_journal_start_sb+0x2f/0x110\next4_evict_inode+0x2b4/0x6f0\nevict+0xd0/0x1d0\next4_enable_quotas+0x11f/0x1f0\next4_orphan_cleanup+0x3de/0x430\n? proc_create_seq_private+0x43/0x50\next4_fill_super+0x295f/0x3ae0\n? snprintf+0x39/0x40\n? sget_fc+0x19c/0x330\n? ext4_reconfigure+0x850/0x850\nget_tree_bdev+0x16d/0x260\nvfs_get_tree+0x25/0xb0\npath_mount+0x431/0xa70\n__x64_sys_mount+0xe2/0x120\ndo_syscall_64+0x5b/0x80\n? do_user_addr_fault+0x1e2/0x670\n? exc_page_fault+0x70/0x170\nentry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033:0x7fdf4e512ace\nFix it by making sure that the block range is properly validated before\nused every time it changes in ext4_free_blocks() or ext4_mb_clear_bb()."], "name": "CVE-2022-50021", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-06-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-50021\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50021\nhttps://lore.kernel.org/linux-cve-announce/2025061835-CVE-2022-50021-2162@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-06-23T08:20:14.655566+00:00", "updated": "2025-06-23T08:20:14.655622+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}