fkie_cve-2022-49739
Vulnerability from fkie_nvd
Published
2025-03-27 17:15
Modified
2025-03-28 18:11
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: gfs2: Always check inode size of inline inodes Check if the inode size of stuffed (inline) inodes is within the allowed range when reading inodes from disk (gfs2_dinode_in()). This prevents us from on-disk corruption. The two checks in stuffed_readpage() and gfs2_unstuffer_page() that just truncate inline data to the maximum allowed size don't actually make sense, and they can be removed now as well.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/45df749f827c286adbc951f2a4865b67f0442ba9
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/46c9088cabd4d0469fdb61ac2a9c5003057fe94d
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4d4cb76636134bf9a0c9c3432dae936f99954586
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/70376c7ff31221f1d21db5611d8209e677781d3a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7c414f6f06e9a3934901b6edc3177ae5a1e07094
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d458a0984429c2d47e60254f5bc4119cbafe83a2
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Always check inode size of inline inodes\n\nCheck if the inode size of stuffed (inline) inodes is within the allowed\nrange when reading inodes from disk (gfs2_dinode_in()).  This prevents\nus from on-disk corruption.\n\nThe two checks in stuffed_readpage() and gfs2_unstuffer_page() that just\ntruncate inline data to the maximum allowed size don\u0027t actually make\nsense, and they can be removed now as well."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gfs2: Comprobar siempre el tama\u00f1o de los inodos en l\u00ednea. Se comprueba si el tama\u00f1o de los inodos rellenos (en l\u00ednea) est\u00e1 dentro del rango permitido al leer inodos del disco (gfs2_dinode_in()). Esto evita la corrupci\u00f3n en disco. Las dos comprobaciones en stuffed_readpage() y gfs2_unstuffer_page(), que simplemente truncan los datos en l\u00ednea al tama\u00f1o m\u00e1ximo permitido, no tienen sentido y tambi\u00e9n se pueden eliminar."
    }
  ],
  "id": "CVE-2022-49739",
  "lastModified": "2025-03-28T18:11:49.747",
  "metrics": {},
  "published": "2025-03-27T17:15:38.460",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/45df749f827c286adbc951f2a4865b67f0442ba9"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/46c9088cabd4d0469fdb61ac2a9c5003057fe94d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/4d4cb76636134bf9a0c9c3432dae936f99954586"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/70376c7ff31221f1d21db5611d8209e677781d3a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7c414f6f06e9a3934901b6edc3177ae5a1e07094"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d458a0984429c2d47e60254f5bc4119cbafe83a2"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.