CVE-2022-49033 in Linuxinfo

Zusammenfassung

von MITRE • 21.10.2024

In the Linux kernel, the following vulnerability has been resolved:

btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()

Syzkaller reported BUG as follows:

BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274 Call Trace: dump_stack_lvl+0xcd/0x134 __might_resched.cold+0x222/0x26b kmem_cache_alloc+0x2e7/0x3c0 update_qgroup_limit_item+0xe1/0x390 btrfs_qgroup_inherit+0x147b/0x1ee0 create_subvol+0x4eb/0x1710 btrfs_mksubvol+0xfe5/0x13f0 __btrfs_ioctl_snap_create+0x2b0/0x430 btrfs_ioctl_snap_create_v2+0x25a/0x520 btrfs_ioctl+0x2a1c/0x5ce0 __x64_sys_ioctl+0x193/0x200 do_syscall_64+0x35/0x80

Fix this by calling qgroup_dirty() on @dstqgroup, and update limit item in btrfs_run_qgroups() later outside of the spinlock context.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

Linux

Reservieren

22.08.2024

Veröffentlichung

21.10.2024

Moderieren

akzeptiert

Eintrag

VDB-281355

CPE

bereit

CWE

CWE-121 (bestätigt)

CVSS

5.5 (NVD)

EPSS

0.00011

KEV

nein

Aktivitäten

very low

Sektor

Lawfirm, Police, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2022-49033
NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-49033
CVE Details	https://www.cvedetails.com/cve/CVE-2022-49033/

◂ Zurück Übersicht Weiter ▸

Want to know what is going to be exploited?

We predict KEV entries!