CVE-2022-50379: Race Condition in Linux

Severity: 4.7 MEDIUM (NVD)
EPSS: 0.0% (top 98.69%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 18

Description

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix race between quota enable and quota rescan ioctl

When enabling quotas, at btrfs_quota_enable(), after committing the transaction, we change fs_info->quota_root to point to the quota root we created and set BTRFS_FS_QUOTA_ENABLED at fs_info->flags. Then we try to start the qgroup rescan worker, first by initializing it with a call to qgroup_rescan_init() - however if that fails we end up freeing the quota root but we

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.0 | Impact: 3.6

Affected Packages (4 packages)

NVD | linux/linux_kernel | 4.20 | 5.4.220 | +5
Debian | linux/linux_kernel | < 5.10.158-1 | +3
CVEListV5 | linux/linux | 5d23515be66904fa3b1b5d6bd72d2199cd2447ab | c97f6d528c3f1c83a6b792a8a7928c236c80b8fe | +7
debian | debian/linux | < linux 6.0.3-1 (bookworm)

Patches

🔴 Vulnerability Details (2)

OSV (2025-09-18): CVE-2022-50379: In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between quota enable and quota rescan ioctl When enabling quotas,
GHSA (2025-09-18): GHSA-ffg2-pg2r-fw6w: In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between quota enable and quota rescan ioctl When enabling quotas

📋 Vendor Advisories (2)

Red Hat (2025-09-18): kernel: Linux kernel (btrfs): Use-after-free vulnerability leads to Denial of Service
Debian (2022): CVE-2022-50379: linux - In the Linux kernel, the following vulnerability has been resolved: btrfs: fix ...

💬 Community (1)

Bugzilla (2025-09-18): CVE-2022-50379 kernel: Linux kernel (btrfs): Use-after-free vulnerability leads to Denial of Service