CVE-2022-50839Improper Update of Reference Count in Linux

CWE-911Improper Update of Reference Count7 documents6 sources
Severity
3.3LOW
No vector
EPSS
0.0%
top 92.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: jbd2: fix potential buffer head reference count leak As in 'jbd2_fc_wait_bufs' if buffer isn't uptodate, will return -EIO without update 'journal->j_fc_off'. But 'jbd2_fc_release_bufs' will release buffer head from ‘j_fc_off - 1’ if 'bh' is NULL will terminal release which will lead to buffer head buffer head reference count leak. To solve above issue, update 'journal->j_fc_off' before return -EIO.

Affected Packages4 packages

Linuxlinux/linux_kernel5.10.05.10.150+3
Debianlinux/linux_kernel< 5.10.158-1+3
CVEListV5linux/linuxff780b91efe901b8eecd8114785abae5341820ad7a33dde572fceb45d02d188e0213c47059401c93+5
debiandebian/linux< linux 6.0.3-1 (bookworm)

🔴Vulnerability Details

3
GHSA
GHSA-mjvq-c742-r5cx: In the Linux kernel, the following vulnerability has been resolved: jbd2: fix potential buffer head reference count leak As in 'jbd2_fc_wait_bufs' i2025-12-30
OSV
jbd2: fix potential buffer head reference count leak2025-12-30
OSV
CVE-2022-50839: In the Linux kernel, the following vulnerability has been resolved: jbd2: fix potential buffer head reference count leak As in 'jbd2_fc_wait_bufs' if2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: jbd2: fix potential buffer head reference count leak2025-12-30
Debian
CVE-2022-50839: linux - In the Linux kernel, the following vulnerability has been resolved: jbd2: fix p...2022

🕵️Threat Intelligence

1
Wiz
CVE-2022-50839 Impact, Exploitability, and Mitigation Steps | Wiz