CVE-2022-50270 in Linuxinfo

Summary

by MITRE • 09/15/2025

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix the assign logic of iocb

commit 18ae8d12991b ("f2fs: show more DIO information in tracepoint") introduces an iocb field in the 'f2fs_direct_IO_enter' trace event, and it only assigns the pointer and later accesses its field in the trace print log.

Unable to handle kernel paging request at virtual address ffffffc04cef3d30
Mem abort info:
  ESR = 0x96000007
  EC = 0x25: DABT (current EL), IL = 32 bits

pc : trace_raw_output_f2fs_direct_IO_enter+0x54/0xa4
lr : trace_raw_output_f2fs_direct_IO_enter+0x2c/0xa4
sp : ffffffc0443cbbd0
x29: ffffffc0443cbbf0 x28: ffffff8935b120d0 x27: ffffff8935b12108
x26: ffffff8935b120f0 x25: ffffff8935b12100 x24: ffffff8935b110c0
x23: ffffff8935b10000 x22: ffffff88859a936c x21: ffffff88859a936c
x20: ffffff8935b110c0 x19: ffffff8935b10000 x18: ffffffc03b195060
x17: ffffff8935b11e76 x16: 00000000000000cc x15: ffffffef855c4f2c
x14: 0000000000000001 x13: 000000000000004e x12: ffff0000ffffff00
x11: ffffffef86c350d0 x10: 00000000000010c0 x9 : 000000000fe0002c
x8 : ffffffc04cef3d28 x7 : 7f7f7f7f7f7f7f7f x6 : 0000000002000000
x5 : ffffff8935b11e9a x4 : 0000000000006250 x3 : ffff0a00ffffff04
x2 : 0000000000000002 x1 : ffffffef86a0a31f x0 : ffffff8935b10000
Call trace:
 trace_raw_output_f2fs_direct_IO_enter+0x54/0xa4
 print_trace_fmt+0x9c/0x138
 print_trace_line+0x154/0x254
 tracing_read_pipe+0x21c/0x380
 vfs_read+0x108/0x3ac
 ksys_read+0x7c/0xec
 __arm64_sys_read+0x20/0x30
 invoke_syscall+0x60/0x150
 el0_svc_common.llvm.1237943816091755067+0xb8/0xf8
 do_el0_svc+0x28/0xa0

Fix it by copying the required variables for printing and while at it fix the similar issue at some other places in the same file.


Analysis

by VulDB Data Team • 01/23/2026

The vulnerability identified as CVE-2022-50270 resides in the Linux kernel's f2fs (Flash-Friendly File System) implementation, specifically in the handling of the direct I/O trace event. It manifests as a kernel paging fault at virtual address ffffffc04cef3d30 with ESR value 0x96000007, indicating a data abort at the current exception level with a 32-bit instruction length. The fault originates in the trace_raw_output_f2fs_direct_IO_enter function, where an improper assignment of the iocb pointer field leads to an invalid memory access while the trace log is being generated.

The technical flaw stems from improper pointer handling in the f2fs_direct_IO_enter trace event introduced in commit 18ae8d12991b. The event assigns the iocb pointer to a field of the trace entry but does not copy the values it later needs, and then dereferences that pointer when the trace output is formatted. Because the formatting happens when the trace buffer is read (tracing_read_pipe in the call trace above) rather than when the event is recorded, the pointer may no longer refer to valid data, or the data may have changed, by the time it is dereferenced. The memory access violation therefore occurs at the trace output stage, when the trace subsystem formats and prints the entry containing the stored iocb pointer.

This vulnerability is classified as a critical security issue under CWE-476 ("NULL Pointer Dereference") and potentially aligns with ATT&CK technique T1547.001 for privilege escalation through kernel exploitation. The operational impact includes system crashes and denial of service conditions, and in the worst case could enable privilege escalation if exploited by malicious actors. The vulnerability affects systems running Linux kernels with f2fs filesystem support, particularly those using direct I/O with tracepoints enabled, which makes it relevant to storage-intensive applications and embedded systems.

The fix, as implemented in the kernel patch, copies the variables needed for printing into the trace entry at the time the event is recorded instead of storing a pointer and dereferencing it later, and applies the same correction at other places in the same file. The rule is that every field the print step needs must be copied rather than reached through a pointer that may no longer be valid. This approach aligns with security best practices for kernel development and follows the principle of least privilege by preventing unauthorized memory access patterns. System administrators should apply the relevant kernel updates immediately to remediate this vulnerability, and developers should adopt the same defensive pattern in other trace event implementations to prevent similar issues in other kernel subsystems.
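The defect and its fix, as an added userspace model written for this page and not the kernel's code: a trace entry that stores only the iocb pointer at event time and dereferences it when the buffered entry is later printed, beside the fixed layout that copies the values it needs while the iocb is still valid. The type and function names, the one-slot ring buffer, the reuse of a single caller-owned iocb to stand in for a stack frame that is gone by print time, and the choice of ki_pos and ki_flags as the copied members are all assumptions made for the example.

```c
/*
 * Userspace model of the trace-event defect fixed for CVE-2022-50270.
 * This is NOT the kernel's code: struct kiocb_model, the ring entries and
 * the function names below are simplified stand-ins chosen for this example.
 */
#include <stdio.h>
#include <string.h>

/* Stand-in for struct kiocb. The caller owns this object for the duration
 * of one I/O request; the trace buffer outlives it. */
struct kiocb_model {
    long long ki_pos;   /* file position of the request */
    int       ki_flags; /* request flags */
};

/* Defective entry layout: records only the pointer, as the pre-fix event did. */
struct dio_entry_ptr {
    const struct kiocb_model *iocb;
};

/* Fixed entry layout: records the values the printer needs.
 * Which kiocb members the real fix copies is not stated on the page;
 * ki_pos and ki_flags are assumptions for this model. */
struct dio_entry_copy {
    long long ki_pos;
    int       ki_flags;
};

/* A one-slot "ring buffer" for each variant; entries are printed later. */
static struct dio_entry_ptr  ring_ptr;
static struct dio_entry_copy ring_copy;

/* Event-time assignment (the role the kernel's TP_fast_assign plays). */
static void trace_enter_ptr(const struct kiocb_model *iocb)
{
    ring_ptr.iocb = iocb;              /* pointer only: no value is captured */
}

static void trace_enter_copy(const struct kiocb_model *iocb)
{
    ring_copy.ki_pos   = iocb->ki_pos;   /* captured while iocb is valid */
    ring_copy.ki_flags = iocb->ki_flags;
}

/* Print-time formatting (the role of TP_printk, run when the trace is read). */
static long long print_pos_ptr(void)
{
    return ring_ptr.iocb->ki_pos;      /* reads whatever the pointer targets now */
}

static long long print_pos_copy(void)
{
    return ring_copy.ki_pos;           /* reads the entry's own copy */
}

/* The caller's kiocb storage. Reusing one object between requests stands in
 * for the stack frame or freed allocation that is gone by print time; 0x7f is
 * a constructed fill pattern chosen for this example. */
static struct kiocb_model caller_iocb;

static void request_begin(long long pos, int flags)
{
    caller_iocb.ki_pos   = pos;
    caller_iocb.ki_flags = flags;
}

static void request_end(void)
{
    memset(&caller_iocb, 0x7f, sizeof caller_iocb);
}

/* Scenario: record a direct-I/O enter event at position 4096, finish the
 * request, then format the buffered entry. Each function returns the
 * position the printer reports for its variant. */
long long printed_pos_with_pointer(void)
{
    request_begin(4096, 1);
    trace_enter_ptr(&caller_iocb);
    request_end();
    return print_pos_ptr();            /* stale: the fill pattern, not 4096 */
}

long long printed_pos_with_copy(void)
{
    request_begin(4096, 1);
    trace_enter_copy(&caller_iocb);
    request_end();
    return print_pos_copy();           /* still 4096 */
}

int main(void)
{
    printf("pointer variant prints ki_pos = 0x%llx\n", printed_pos_with_pointer());
    printf("copy variant prints    ki_pos = %lld\n",   printed_pos_with_copy());
    return 0;
}
```

Compile and run with any C compiler: the pointer variant reports the fill pattern written after the request finished, while the copy variant still reports 4096. In the kernel the stale pointer can target memory that is no longer mapped, which produces the paging fault shown in the oops above rather than merely a wrong value; the copy-at-record-time layout removes the deferred dereference entirely.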

Responsible: Linux

Reservation: 09/15/2025

Disclosure: 09/15/2025

Moderation: accepted

CPE: ready

EPSS: 0.00147

KEV: no

Activities: very low

Sources
