CVE-2022-49318

f2fs: remove WARN_ON in f2fs_is_valid_blkaddr

Description

In the Linux kernel, the following vulnerability has been resolved: f2fs: remove WARN_ON in f2fs_is_valid_blkaddr Syzbot triggers two WARNs in f2fs_is_valid_blkaddr and __is_bitmap_valid. For example, in f2fs_is_valid_blkaddr, if type is DATA_GENERIC_ENHANCE or DATA_GENERIC_ENHANCE_READ, it invokes WARN_ON if blkaddr is not in the right range. The call trace is as follows: f2fs_get_node_info+0x45f/0x1070 read_node_page+0x577/0x1190 __get_node_page.part.0+0x9e/0x10e0 __get_node_page f2fs_get_node_page+0x109/0x180 do_read_inode f2fs_iget+0x2a5/0x58b0 f2fs_fill_super+0x3b39/0x7ca0 Fix these two WARNs by replacing WARN_ON with dump_stack.

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/0a7a1fc7e71eecf2e5053a6c312c9f0dcbb9b8fd patch
https://git.kernel.org/stable/c/32bea51fe4c6e92c00403739f7547c89219bea88 patch
https://git.kernel.org/stable/c/99c09b298e47ebbe345a6da9f268b32a6b0f4582 patch
https://git.kernel.org/stable/c/cd6374af36cc548464d8c47a93fdba7303bb82a4 patch
https://git.kernel.org/stable/c/8c62c5e26345c34d199b4b8c8e69255ba3d0e751 patch
https://git.kernel.org/stable/c/dc2f78e2d4cc844a1458653d57ce1b54d4a29f21 patch

Frequently Asked Questions

What is the severity of CVE-2022-49318?
CVE-2022-49318 has been scored as a medium severity vulnerability.
How to fix CVE-2022-49318?
To fix CVE-2022-49318, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49318 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49318 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49318?
CVE-2022-49318 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.