CVE-2022-50845 in Linuxinformation

Résumé

par MITRE • 30/12/2025

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix inode leak in ext4_xattr_inode_create() on an error path

There is issue as follows when do setxattr with inject fault:

[localhost]# fsck.ext4 -fn /dev/sda
e2fsck 1.46.6-rc1 (12-Sep-2022) Pass 1: Checking inodes, blocks, and sizes Pass 2: Checking directory structure Pass 3: Checking directory connectivity Pass 4: Checking reference counts Unattached zero-length inode 15. Clear? no

Unattached inode 15 Connect to /lost+found? no

Pass 5: Checking group summary information

/dev/sda: ********** WARNING: Filesystem still has errors **********

/dev/sda: 15/655360 files (0.0% non-contiguous), 66755/2621440 blocks

This occurs in 'ext4_xattr_inode_create()'. If 'ext4_mark_inode_dirty()' fails, dropping i_nlink of the inode is needed. Or will lead to inode leak.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Responsable

Linux

Réserver

30/12/2025

Divulgation

30/12/2025

Modérer

accepté

Entrée

VDB-338897

CPE

prêt

EPSS

0.00211

KEV

non

Activités

très faible

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!