CVE-2022-50766Use of Uninitialized Resource in Linux

CWE-908Use of Uninitialized Resource7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 92.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: set generation before calling btrfs_clean_tree_block in btrfs_init_new_buffer syzbot is reporting uninit-value in btrfs_clean_tree_block() [1], for commit bc877d285ca3dba2 ("btrfs: Deduplicate extent_buffer init code") missed that btrfs_set_header_generation() in btrfs_init_new_buffer() must not be moved to after clean_tree_block() because clean_tree_block() is calling btrfs_header_generation() since commit 55c69072d6bd

Affected Packages4 packages

Linuxlinux/linux_kernel4.19.05.15.75+2
Debianlinux/linux_kernel< 6.0.3-1+2
CVEListV5linux/linuxbc877d285ca3dba24c52406946a4a69847cc74220a408c6212c16b9a2a1141d3c531247582ef8101+4
debiandebian/linux< linux 6.0.3-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2022-50766: In the Linux kernel, the following vulnerability has been resolved: btrfs: set generation before calling btrfs_clean_tree_block in btrfs_init_new_buff2025-12-24
OSV
btrfs: set generation before calling btrfs_clean_tree_block in btrfs_init_new_buffer2025-12-24
GHSA
GHSA-65xq-q38h-gcrc: In the Linux kernel, the following vulnerability has been resolved: btrfs: set generation before calling btrfs_clean_tree_block in btrfs_init_new_buf2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: btrfs: set generation before calling btrfs_clean_tree_block in btrfs_init_new_buffer2025-12-24
Debian
CVE-2022-50766: linux - In the Linux kernel, the following vulnerability has been resolved: btrfs: set ...2022

🕵️Threat Intelligence

1
Wiz
CVE-2022-50766 Impact, Exploitability, and Mitigation Steps | Wiz