CVE-2022-28796: jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.

CVE-2022-28796 [HIGH] CWE-362 GHSA-mj7m-2xg5-q6g9: jbd2_journal_wait_updates in fs/jbd2/transaction jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.

CVE-2022-28796 [HIGH] CVE-2022-28796: jbd2_journal_wait_updates in fs/jbd2/transaction jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.

CVE-2022-28796 [HIGH] CWE-362 jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this. Mariner: Mariner mitre: mitre

CVE-2022-28796 [HIGH] CWE-416 kernel: a use-after-free caused by a transaction_t race condition kernel: a use-after-free caused by a transaction_t race condition jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. A use-after-free flaw was found in the Linux kernel’s journaling layer of the ext4 and OCFS2 file system functionality in the way a user can trigger a race condition during writing to the file system. This flaw allows a local user to crash or potentially escalate their privileges on the system. Statement: This kind of race condition is hard to trigger and there are no known reproducers to trigger it, so keeping the impact moderate. Mitigation: To mitigate this issue, prevent the module jbd2 from being loaded. Please see https://access.redhat.com/solutions/41278 for informatio

CVE-2022-28796 [HIGH] CVE-2022-28796: linux - jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.... jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2022-28796 [HIGH] CVE-2022-28796 kernel: a use-after-free caused by a transaction_t race condition CVE-2022-28796 kernel: a use-after-free caused by a transaction_t race condition jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. Reference: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1 https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e Discussion: Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2073942] --- The fix The patch which created this issue was in 5.17-rc3 and later kernels, and the fix was brought back into 5.17.1, so stable Fedora releases are not impacted, and the Fedora 36 beta was fixed with the 5.17.1 kernel update.