Vulnerability-Lookup

CVE-2022-49469 (GCVE-0-2022-49469)

Vulnerability from cvelistv5 – Published: 2025-02-26 02:13 – Updated: 2025-06-19 12:56

Title

btrfs: fix anon_dev leak in create_subvol()

Summary

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix anon_dev leak in create_subvol() When btrfs_qgroup_inherit(), btrfs_alloc_tree_block, or btrfs_insert_root() fail in create_subvol(), we return without freeing anon_dev. Reorganize the error handling in create_subvol() to fix this.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d887b3de318834f9a…
	https://git.kernel.org/stable/c/7a875ad8706f0903a…
	https://git.kernel.org/stable/c/2256e901f5bddc56e…

Impacted products

Vendor

Product

Version

Linux

Affected: 2dfb1e43f57dd3aeaa66f7cf05d068db2d4c8788 , < d887b3de318834f9aa637ecf79c6bc66cba7c69a (git)
Affected: 2dfb1e43f57dd3aeaa66f7cf05d068db2d4c8788 , < 7a875ad8706f0903a0e812e0dd701956ee9826ff (git)
Affected: 2dfb1e43f57dd3aeaa66f7cf05d068db2d4c8788 , < 2256e901f5bddc56e24089c96f27b77da932dfcc (git)
Affected: 917d608fe375041eb7f29befa6a6d7fd3cf32dde (git)

Linux

Affected: 5.9
Unaffected: 0 , < 5.9 (semver)
Unaffected: 5.17.14 , ≤ 5.17.* (semver)
Unaffected: 5.18.3 , ≤ 5.18.* (semver)
Unaffected: 5.19 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/ioctl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d887b3de318834f9aa637ecf79c6bc66cba7c69a",
              "status": "affected",
              "version": "2dfb1e43f57dd3aeaa66f7cf05d068db2d4c8788",
              "versionType": "git"
            },
            {
              "lessThan": "7a875ad8706f0903a0e812e0dd701956ee9826ff",
              "status": "affected",
              "version": "2dfb1e43f57dd3aeaa66f7cf05d068db2d4c8788",
              "versionType": "git"
            },
            {
              "lessThan": "2256e901f5bddc56e24089c96f27b77da932dfcc",
              "status": "affected",
              "version": "2dfb1e43f57dd3aeaa66f7cf05d068db2d4c8788",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "917d608fe375041eb7f29befa6a6d7fd3cf32dde",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/ioctl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.17.*",
              "status": "unaffected",
              "version": "5.17.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.18.*",
              "status": "unaffected",
              "version": "5.18.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.19",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17.14",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.18.3",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.8.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix anon_dev leak in create_subvol()\n\nWhen btrfs_qgroup_inherit(), btrfs_alloc_tree_block, or\nbtrfs_insert_root() fail in create_subvol(), we return without freeing\nanon_dev. Reorganize the error handling in create_subvol() to fix this."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-19T12:56:20.479Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d887b3de318834f9aa637ecf79c6bc66cba7c69a"
        },
        {
          "url": "https://git.kernel.org/stable/c/7a875ad8706f0903a0e812e0dd701956ee9826ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/2256e901f5bddc56e24089c96f27b77da932dfcc"
        }
      ],
      "title": "btrfs: fix anon_dev leak in create_subvol()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-49469",
    "datePublished": "2025-02-26T02:13:13.387Z",
    "dateReserved": "2025-02-26T02:08:31.578Z",
    "dateUpdated": "2025-06-19T12:56:20.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-FH4Q-XRMP-HV9J

Vulnerability from github – Published: 2025-10-22 18:30 – Updated: 2025-10-22 18:30

Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix anon_dev leak in create_subvol()

When btrfs_qgroup_inherit(), btrfs_alloc_tree_block, or btrfs_insert_root() fail in create_subvol(), we return without freeing anon_dev. Reorganize the error handling in create_subvol() to fix this.

Severity ?

5.5 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-49469"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:23Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix anon_dev leak in create_subvol()\n\nWhen btrfs_qgroup_inherit(), btrfs_alloc_tree_block, or\nbtrfs_insert_root() fail in create_subvol(), we return without freeing\nanon_dev. Reorganize the error handling in create_subvol() to fix this.",
  "id": "GHSA-fh4q-xrmp-hv9j",
  "modified": "2025-10-22T18:30:31Z",
  "published": "2025-10-22T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49469"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2256e901f5bddc56e24089c96f27b77da932dfcc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7a875ad8706f0903a0e812e0dd701956ee9826ff"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d887b3de318834f9aa637ecf79c6bc66cba7c69a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2025-AVI-0920

Vulnerability from certfr_avis - Published: 2025-10-24 - Updated: 2025-10-24

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	N/A	cbl2 mysql 8.0.43-1
Microsoft	N/A	azl3 unbound 1.19.1-4
Microsoft	N/A	azl3 mysql versions antérieures à 8.0.44-1
Microsoft	N/A	cbl2 kernel 5.15.186.1-1
Microsoft	N/A	azl3 lz4 1.9.4-1
Microsoft	N/A	azl3 squid versions antérieures à 6.13-3

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2022-49267	2025-10-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-62168	2025-10-19	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49306	2025-10-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49610	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-11411	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53069	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53062	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49562	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49469	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49333	2025-10-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49504	2025-10-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53042	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53045	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53054	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49635	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53040	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-57888	2025-10-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49552	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53053	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49420	2025-10-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53044	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-62813	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-57899	2025-10-19	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-38564	2025-10-22	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "cbl2 mysql 8.0.43-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 unbound 1.19.1-4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 mysql versions ant\u00e9rieures \u00e0 8.0.44-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 kernel 5.15.186.1-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 lz4 1.9.4-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 squid versions ant\u00e9rieures \u00e0 6.13-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-62168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62168"
    },
    {
      "name": "CVE-2025-53042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53042"
    },
    {
      "name": "CVE-2025-53062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53062"
    },
    {
      "name": "CVE-2022-49610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49610"
    },
    {
      "name": "CVE-2022-49469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49469"
    },
    {
      "name": "CVE-2024-57888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57888"
    },
    {
      "name": "CVE-2022-49333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49333"
    },
    {
      "name": "CVE-2022-49562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49562"
    },
    {
      "name": "CVE-2022-49306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49306"
    },
    {
      "name": "CVE-2025-62813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62813"
    },
    {
      "name": "CVE-2025-53069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53069"
    },
    {
      "name": "CVE-2025-53044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53044"
    },
    {
      "name": "CVE-2022-49504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49504"
    },
    {
      "name": "CVE-2022-49420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49420"
    },
    {
      "name": "CVE-2022-49635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49635"
    },
    {
      "name": "CVE-2024-57899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57899"
    },
    {
      "name": "CVE-2025-53054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53054"
    },
    {
      "name": "CVE-2024-38564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38564"
    },
    {
      "name": "CVE-2025-53040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53040"
    },
    {
      "name": "CVE-2022-49552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49552"
    },
    {
      "name": "CVE-2025-53045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53045"
    },
    {
      "name": "CVE-2025-53053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53053"
    },
    {
      "name": "CVE-2022-49267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49267"
    },
    {
      "name": "CVE-2025-11411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11411"
    }
  ],
  "initial_release_date": "2025-10-24T00:00:00",
  "last_revision_date": "2025-10-24T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0920",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49267",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49267"
    },
    {
      "published_at": "2025-10-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62168",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62168"
    },
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49306",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49306"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49610",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49610"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11411",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11411"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53069",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53069"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53062",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53062"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49562",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49562"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49469",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49469"
    },
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49333",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49333"
    },
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49504",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49504"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53042",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53042"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53045",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53045"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53054",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53054"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49635",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49635"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53040",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53040"
    },
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-57888",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-57888"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49552",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49552"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53053",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53053"
    },
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49420",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49420"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53044",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53044"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62813",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62813"
    },
    {
      "published_at": "2025-10-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-57899",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-57899"
    },
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38564",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38564"
    }
  ]
}

FKIE_CVE-2022-49469

Vulnerability from fkie_nvd - Published: 2025-02-26 07:01 - Updated: 2025-10-22 17:22

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/2256e901f5bddc56e24089c96f27b77da932dfcc	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/7a875ad8706f0903a0e812e0dd701956ee9826ff	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/d887b3de318834f9aa637ecf79c6bc66cba7c69a	Patch

Impacted products

	Vendor	Product	Version
	linux	linux_kernel	*
	linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "618D74C0-9F82-42D3-862D-61E9CFE5A7F5",
              "versionEndExcluding": "5.17.14",
              "versionStartIncluding": "5.8.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E122216-2E9E-4B3E-B7B8-D575A45BA3C2",
              "versionEndExcluding": "5.18.3",
              "versionStartIncluding": "5.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix anon_dev leak in create_subvol()\n\nWhen btrfs_qgroup_inherit(), btrfs_alloc_tree_block, or\nbtrfs_insert_root() fail in create_subvol(), we return without freeing\nanon_dev. Reorganize the error handling in create_subvol() to fix this."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: se corrige la fuga de anon_dev en create_subvol() Cuando btrfs_qgroup_inherit(), btrfs_alloc_tree_block o btrfs_insert_root() fallan en create_subvol(), regresamos sin liberar anon_dev. Reorganice la gesti\u00f3n de errores en create_subvol() para solucionar esto."
    }
  ],
  "id": "CVE-2022-49469",
  "lastModified": "2025-10-22T17:22:59.173",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-26T07:01:23.157",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/2256e901f5bddc56e24089c96f27b77da932dfcc"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/7a875ad8706f0903a0e812e0dd701956ee9826ff"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/d887b3de318834f9aa637ecf79c6bc66cba7c69a"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-49469 (GCVE-0-2022-49469)

GHSA-FH4Q-XRMP-HV9J

CERTFR-2025-AVI-0920

Solutions

FKIE_CVE-2022-49469

Tags

Sightings

Nomenclature