CVE-2022-50435: Improper Control of a Resource Through its Lifetime in Linux

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0%, top 97.14%
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 1

Description

In the Linux kernel, the following vulnerability has been resolved:

ext4: avoid crash when inline data creation follows DIO write

When inode is created and written to using direct IO, there is nothing to clear the EXT4_STATE_MAY_INLINE_DATA flag. Thus when inode gets truncated later to say 1 byte and written using normal write, we will try to store the data as inline data. This confuses the code later because the inode now has both normal block and inline data allocated and the confusion manif

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

NVD | linux/linux_kernel | 5.5 | 5.10.150 | +3
Debian | linux/linux_kernel | < 5.10.158-1 | +3
CVEListV5 | linux/linux | 378f32bab3714f04c4e0c3aee4129f6703805550 | fb98cb61efff3b2a1964939465ccaaf906af1d4f | +5
debian | debian/linux | < linux 6.0.3-1 (bookworm)

Patches

Vulnerability Details (2)

GHSA
GHSA-7mww-5m6h-hg34: In the Linux kernel, the following vulnerability has been resolved: ext4: avoid crash when inline data creation follows DIO write When inode is crea | 2025-10-01
OSV
CVE-2022-50435: In the Linux kernel, the following vulnerability has been resolved: ext4: avoid crash when inline data creation follows DIO write When inode is create | 2025-10-01

Vendor Advisories (2)

Red Hat
kernel: ext4: avoid crash when inline data creation follows DIO write | 2025-10-01
Debian
CVE-2022-50435: linux - In the Linux kernel, the following vulnerability has been resolved: ext4: avoid... | 2022