CVE-2022-50205

ext2: Add more validity checks for inode counts

Description

In the Linux kernel, the following vulnerability has been resolved: ext2: Add more validity checks for inode counts Add checks verifying number of inodes stored in the superblock matches the number computed from number of inodes per group. Also verify we have at least one block worth of inodes per group. This prevents crashes on corrupted filesystems.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/0bcdc31094a12b4baf59e241feabc9787cf635fa
https://git.kernel.org/stable/c/07303a9abe3a997d9864fb4315e34b5acfe8fc25
https://git.kernel.org/stable/c/b3f423683818cfe15de14d5d9dff44148ff16bbf
https://git.kernel.org/stable/c/d08bb199a406424a8ed0009efdf41710e6d849ee
https://git.kernel.org/stable/c/96b18d3a1be0354ccce43f0ef61b5a3d7e432552
https://git.kernel.org/stable/c/7a48fdc88a3c35e046a6a0a38eba00f21c65b16e
https://git.kernel.org/stable/c/5e63c5fe9123fa76ffaeff26c211308736ec3a07
https://git.kernel.org/stable/c/fa78f336937240d1bc598db817d638086060e7e9

Frequently Asked Questions

What is the severity of CVE-2022-50205?
CVE-2022-50205 has not yet been assigned a CVSS score.
How to fix CVE-2022-50205?
To fix CVE-2022-50205, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-50205 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-50205 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-50205?
CVE-2022-50205 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.