CVE-2022-50346 (GCVE-0-2022-50346)

Vulnerability from cvelistv5 – Published: 2025-09-16 16:11 – Updated: 2026-01-14 18:22
VLAI?
Title
ext4: init quota for 'old.inode' in 'ext4_rename'
Summary
In the Linux kernel, the following vulnerability has been resolved: ext4: init quota for 'old.inode' in 'ext4_rename' Syzbot found the following issue: ext4_parse_param: s_want_extra_isize=128 ext4_inode_info_init: s_want_extra_isize=32 ext4_rename: old.inode=ffff88823869a2c8 old.dir=ffff888238699828 new.inode=ffff88823869d7e8 new.dir=ffff888238699828 __ext4_mark_inode_dirty: inode=ffff888238699828 ea_isize=32 want_ea_size=128 __ext4_mark_inode_dirty: inode=ffff88823869a2c8 ea_isize=32 want_ea_size=128 ext4_xattr_block_set: inode=ffff88823869a2c8 ------------[ cut here ]------------ WARNING: CPU: 13 PID: 2234 at fs/ext4/xattr.c:2070 ext4_xattr_block_set.cold+0x22/0x980 Modules linked in: RIP: 0010:ext4_xattr_block_set.cold+0x22/0x980 RSP: 0018:ffff888227d3f3b0 EFLAGS: 00010202 RAX: 0000000000000001 RBX: ffff88823007a000 RCX: 0000000000000000 RDX: 0000000000000a03 RSI: 0000000000000040 RDI: ffff888230078178 RBP: 0000000000000000 R08: 000000000000002c R09: ffffed1075c7df8e R10: ffff8883ae3efc6b R11: ffffed1075c7df8d R12: 0000000000000000 R13: ffff88823869a2c8 R14: ffff8881012e0460 R15: dffffc0000000000 FS: 00007f350ac1f740(0000) GS:ffff8883ae200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f350a6ed6a0 CR3: 0000000237456000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? ext4_xattr_set_entry+0x3b7/0x2320 ? ext4_xattr_block_set+0x0/0x2020 ? ext4_xattr_set_entry+0x0/0x2320 ? ext4_xattr_check_entries+0x77/0x310 ? ext4_xattr_ibody_set+0x23b/0x340 ext4_xattr_move_to_block+0x594/0x720 ext4_expand_extra_isize_ea+0x59a/0x10f0 __ext4_expand_extra_isize+0x278/0x3f0 __ext4_mark_inode_dirty.cold+0x347/0x410 ext4_rename+0xed3/0x174f vfs_rename+0x13a7/0x2510 do_renameat2+0x55d/0x920 __x64_sys_rename+0x7d/0xb0 do_syscall_64+0x3b/0xa0 entry_SYSCALL_64_after_hwframe+0x72/0xdc As 'ext4_rename' will modify 'old.inode' ctime and mark inode dirty, which may trigger expand 'extra_isize' and allocate block. If inode didn't init quota will lead to warning. To solve above issue, init 'old.inode' firstly in 'ext4_rename'.
Severity ?
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-908 - Use of Uninitialized Resource
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 6dd4ee7cab7e3a17c571aebd444f4344c8c4946e , < 67f6d5a4043f3db0c6bb0e14a0d97a7be8bfb8b5 (git)
Affected: 6dd4ee7cab7e3a17c571aebd444f4344c8c4946e , < 33fd7031d634f3b46e59f61adfbb0ea9fe514fef (git)
Affected: 6dd4ee7cab7e3a17c571aebd444f4344c8c4946e , < 7dfb8259f66faafa68d23a261b284d2c2c67649b (git)
Affected: 6dd4ee7cab7e3a17c571aebd444f4344c8c4946e , < f263e349bacc2f303526dcfa61c4bc50132418b1 (git)
Affected: 6dd4ee7cab7e3a17c571aebd444f4344c8c4946e , < 84a2f2ed49d6a4d92b354219077434c57d334620 (git)
Affected: 6dd4ee7cab7e3a17c571aebd444f4344c8c4946e , < def7a39091e60e1c4a2f623629082a00092602be (git)
Affected: 6dd4ee7cab7e3a17c571aebd444f4344c8c4946e , < 135ba9146f4d38abed48a540ef8a8770ff0bd34f (git)
Affected: 6dd4ee7cab7e3a17c571aebd444f4344c8c4946e , < 13271fbbe85d73a7c47058f56a52f2a7f00d6e39 (git)
Affected: 6dd4ee7cab7e3a17c571aebd444f4344c8c4946e , < fae381a3d79bb94aa2eb752170d47458d778b797 (git)
Create a notification for this product.
    Linux Linux Affected: 2.6.23
Unaffected: 0 , < 2.6.23 (semver)
Unaffected: 4.9.337 , ≤ 4.9.* (semver)
Unaffected: 4.14.303 , ≤ 4.14.* (semver)
Unaffected: 4.19.270 , ≤ 4.19.* (semver)
Unaffected: 5.4.229 , ≤ 5.4.* (semver)
Unaffected: 5.10.163 , ≤ 5.10.* (semver)
Unaffected: 5.15.87 , ≤ 5.15.* (semver)
Unaffected: 6.0.18 , ≤ 6.0.* (semver)
Unaffected: 6.1.4 , ≤ 6.1.* (semver)
Unaffected: 6.2 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-50346",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-14T18:20:55.614076Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-908",
                "description": "CWE-908 Use of Uninitialized Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-14T18:22:58.321Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/namei.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "67f6d5a4043f3db0c6bb0e14a0d97a7be8bfb8b5",
              "status": "affected",
              "version": "6dd4ee7cab7e3a17c571aebd444f4344c8c4946e",
              "versionType": "git"
            },
            {
              "lessThan": "33fd7031d634f3b46e59f61adfbb0ea9fe514fef",
              "status": "affected",
              "version": "6dd4ee7cab7e3a17c571aebd444f4344c8c4946e",
              "versionType": "git"
            },
            {
              "lessThan": "7dfb8259f66faafa68d23a261b284d2c2c67649b",
              "status": "affected",
              "version": "6dd4ee7cab7e3a17c571aebd444f4344c8c4946e",
              "versionType": "git"
            },
            {
              "lessThan": "f263e349bacc2f303526dcfa61c4bc50132418b1",
              "status": "affected",
              "version": "6dd4ee7cab7e3a17c571aebd444f4344c8c4946e",
              "versionType": "git"
            },
            {
              "lessThan": "84a2f2ed49d6a4d92b354219077434c57d334620",
              "status": "affected",
              "version": "6dd4ee7cab7e3a17c571aebd444f4344c8c4946e",
              "versionType": "git"
            },
            {
              "lessThan": "def7a39091e60e1c4a2f623629082a00092602be",
              "status": "affected",
              "version": "6dd4ee7cab7e3a17c571aebd444f4344c8c4946e",
              "versionType": "git"
            },
            {
              "lessThan": "135ba9146f4d38abed48a540ef8a8770ff0bd34f",
              "status": "affected",
              "version": "6dd4ee7cab7e3a17c571aebd444f4344c8c4946e",
              "versionType": "git"
            },
            {
              "lessThan": "13271fbbe85d73a7c47058f56a52f2a7f00d6e39",
              "status": "affected",
              "version": "6dd4ee7cab7e3a17c571aebd444f4344c8c4946e",
              "versionType": "git"
            },
            {
              "lessThan": "fae381a3d79bb94aa2eb752170d47458d778b797",
              "status": "affected",
              "version": "6dd4ee7cab7e3a17c571aebd444f4344c8c4946e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/namei.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.23"
            },
            {
              "lessThan": "2.6.23",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.337",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.303",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.229",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.87",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.337",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.303",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.270",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.229",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.163",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.87",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.18",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.4",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: init quota for \u0027old.inode\u0027 in \u0027ext4_rename\u0027\n\nSyzbot found the following issue:\next4_parse_param: s_want_extra_isize=128\next4_inode_info_init: s_want_extra_isize=32\next4_rename: old.inode=ffff88823869a2c8 old.dir=ffff888238699828 new.inode=ffff88823869d7e8 new.dir=ffff888238699828\n__ext4_mark_inode_dirty: inode=ffff888238699828 ea_isize=32 want_ea_size=128\n__ext4_mark_inode_dirty: inode=ffff88823869a2c8 ea_isize=32 want_ea_size=128\next4_xattr_block_set: inode=ffff88823869a2c8\n------------[ cut here ]------------\nWARNING: CPU: 13 PID: 2234 at fs/ext4/xattr.c:2070 ext4_xattr_block_set.cold+0x22/0x980\nModules linked in:\nRIP: 0010:ext4_xattr_block_set.cold+0x22/0x980\nRSP: 0018:ffff888227d3f3b0 EFLAGS: 00010202\nRAX: 0000000000000001 RBX: ffff88823007a000 RCX: 0000000000000000\nRDX: 0000000000000a03 RSI: 0000000000000040 RDI: ffff888230078178\nRBP: 0000000000000000 R08: 000000000000002c R09: ffffed1075c7df8e\nR10: ffff8883ae3efc6b R11: ffffed1075c7df8d R12: 0000000000000000\nR13: ffff88823869a2c8 R14: ffff8881012e0460 R15: dffffc0000000000\nFS:  00007f350ac1f740(0000) GS:ffff8883ae200000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f350a6ed6a0 CR3: 0000000237456000 CR4: 00000000000006e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? ext4_xattr_set_entry+0x3b7/0x2320\n ? ext4_xattr_block_set+0x0/0x2020\n ? ext4_xattr_set_entry+0x0/0x2320\n ? ext4_xattr_check_entries+0x77/0x310\n ? ext4_xattr_ibody_set+0x23b/0x340\n ext4_xattr_move_to_block+0x594/0x720\n ext4_expand_extra_isize_ea+0x59a/0x10f0\n __ext4_expand_extra_isize+0x278/0x3f0\n __ext4_mark_inode_dirty.cold+0x347/0x410\n ext4_rename+0xed3/0x174f\n vfs_rename+0x13a7/0x2510\n do_renameat2+0x55d/0x920\n __x64_sys_rename+0x7d/0xb0\n do_syscall_64+0x3b/0xa0\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nAs \u0027ext4_rename\u0027 will modify \u0027old.inode\u0027 ctime and mark inode dirty,\nwhich may trigger expand \u0027extra_isize\u0027 and allocate block. If inode\ndidn\u0027t init quota will lead to warning.  To solve above issue, init\n\u0027old.inode\u0027 firstly in \u0027ext4_rename\u0027."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-23T13:29:01.356Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/67f6d5a4043f3db0c6bb0e14a0d97a7be8bfb8b5"
        },
        {
          "url": "https://git.kernel.org/stable/c/33fd7031d634f3b46e59f61adfbb0ea9fe514fef"
        },
        {
          "url": "https://git.kernel.org/stable/c/7dfb8259f66faafa68d23a261b284d2c2c67649b"
        },
        {
          "url": "https://git.kernel.org/stable/c/f263e349bacc2f303526dcfa61c4bc50132418b1"
        },
        {
          "url": "https://git.kernel.org/stable/c/84a2f2ed49d6a4d92b354219077434c57d334620"
        },
        {
          "url": "https://git.kernel.org/stable/c/def7a39091e60e1c4a2f623629082a00092602be"
        },
        {
          "url": "https://git.kernel.org/stable/c/135ba9146f4d38abed48a540ef8a8770ff0bd34f"
        },
        {
          "url": "https://git.kernel.org/stable/c/13271fbbe85d73a7c47058f56a52f2a7f00d6e39"
        },
        {
          "url": "https://git.kernel.org/stable/c/fae381a3d79bb94aa2eb752170d47458d778b797"
        }
      ],
      "title": "ext4: init quota for \u0027old.inode\u0027 in \u0027ext4_rename\u0027",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50346",
    "datePublished": "2025-09-16T16:11:39.179Z",
    "dateReserved": "2025-09-16T16:03:27.882Z",
    "dateUpdated": "2026-01-14T18:22:58.321Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-50346\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-14T18:20:55.614076Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-908\", \"description\": \"CWE-908 Use of Uninitialized Resource\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-14T18:20:51.389Z\"}}], \"cna\": {\"title\": \"ext4: init quota for \u0027old.inode\u0027 in \u0027ext4_rename\u0027\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6dd4ee7cab7e3a17c571aebd444f4344c8c4946e\", \"lessThan\": \"67f6d5a4043f3db0c6bb0e14a0d97a7be8bfb8b5\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6dd4ee7cab7e3a17c571aebd444f4344c8c4946e\", \"lessThan\": \"33fd7031d634f3b46e59f61adfbb0ea9fe514fef\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6dd4ee7cab7e3a17c571aebd444f4344c8c4946e\", \"lessThan\": \"7dfb8259f66faafa68d23a261b284d2c2c67649b\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6dd4ee7cab7e3a17c571aebd444f4344c8c4946e\", \"lessThan\": \"f263e349bacc2f303526dcfa61c4bc50132418b1\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6dd4ee7cab7e3a17c571aebd444f4344c8c4946e\", \"lessThan\": \"84a2f2ed49d6a4d92b354219077434c57d334620\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6dd4ee7cab7e3a17c571aebd444f4344c8c4946e\", \"lessThan\": \"def7a39091e60e1c4a2f623629082a00092602be\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6dd4ee7cab7e3a17c571aebd444f4344c8c4946e\", \"lessThan\": \"135ba9146f4d38abed48a540ef8a8770ff0bd34f\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6dd4ee7cab7e3a17c571aebd444f4344c8c4946e\", \"lessThan\": \"13271fbbe85d73a7c47058f56a52f2a7f00d6e39\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6dd4ee7cab7e3a17c571aebd444f4344c8c4946e\", \"lessThan\": \"fae381a3d79bb94aa2eb752170d47458d778b797\", \"versionType\": \"git\"}], \"programFiles\": [\"fs/ext4/namei.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.6.23\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"2.6.23\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.9.337\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.9.*\"}, {\"status\": \"unaffected\", \"version\": \"4.14.303\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.14.*\"}, {\"status\": \"unaffected\", \"version\": \"4.19.270\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.229\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.163\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.87\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.0.18\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.0.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.4\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.2\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"fs/ext4/namei.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/67f6d5a4043f3db0c6bb0e14a0d97a7be8bfb8b5\"}, {\"url\": \"https://git.kernel.org/stable/c/33fd7031d634f3b46e59f61adfbb0ea9fe514fef\"}, {\"url\": \"https://git.kernel.org/stable/c/7dfb8259f66faafa68d23a261b284d2c2c67649b\"}, {\"url\": \"https://git.kernel.org/stable/c/f263e349bacc2f303526dcfa61c4bc50132418b1\"}, {\"url\": \"https://git.kernel.org/stable/c/84a2f2ed49d6a4d92b354219077434c57d334620\"}, {\"url\": \"https://git.kernel.org/stable/c/def7a39091e60e1c4a2f623629082a00092602be\"}, {\"url\": \"https://git.kernel.org/stable/c/135ba9146f4d38abed48a540ef8a8770ff0bd34f\"}, {\"url\": \"https://git.kernel.org/stable/c/13271fbbe85d73a7c47058f56a52f2a7f00d6e39\"}, {\"url\": \"https://git.kernel.org/stable/c/fae381a3d79bb94aa2eb752170d47458d778b797\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\next4: init quota for \u0027old.inode\u0027 in \u0027ext4_rename\u0027\\n\\nSyzbot found the following issue:\\next4_parse_param: s_want_extra_isize=128\\next4_inode_info_init: s_want_extra_isize=32\\next4_rename: old.inode=ffff88823869a2c8 old.dir=ffff888238699828 new.inode=ffff88823869d7e8 new.dir=ffff888238699828\\n__ext4_mark_inode_dirty: inode=ffff888238699828 ea_isize=32 want_ea_size=128\\n__ext4_mark_inode_dirty: inode=ffff88823869a2c8 ea_isize=32 want_ea_size=128\\next4_xattr_block_set: inode=ffff88823869a2c8\\n------------[ cut here ]------------\\nWARNING: CPU: 13 PID: 2234 at fs/ext4/xattr.c:2070 ext4_xattr_block_set.cold+0x22/0x980\\nModules linked in:\\nRIP: 0010:ext4_xattr_block_set.cold+0x22/0x980\\nRSP: 0018:ffff888227d3f3b0 EFLAGS: 00010202\\nRAX: 0000000000000001 RBX: ffff88823007a000 RCX: 0000000000000000\\nRDX: 0000000000000a03 RSI: 0000000000000040 RDI: ffff888230078178\\nRBP: 0000000000000000 R08: 000000000000002c R09: ffffed1075c7df8e\\nR10: ffff8883ae3efc6b R11: ffffed1075c7df8d R12: 0000000000000000\\nR13: ffff88823869a2c8 R14: ffff8881012e0460 R15: dffffc0000000000\\nFS:  00007f350ac1f740(0000) GS:ffff8883ae200000(0000) knlGS:0000000000000000\\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\nCR2: 00007f350a6ed6a0 CR3: 0000000237456000 CR4: 00000000000006e0\\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\\nCall Trace:\\n \u003cTASK\u003e\\n ? ext4_xattr_set_entry+0x3b7/0x2320\\n ? ext4_xattr_block_set+0x0/0x2020\\n ? ext4_xattr_set_entry+0x0/0x2320\\n ? ext4_xattr_check_entries+0x77/0x310\\n ? ext4_xattr_ibody_set+0x23b/0x340\\n ext4_xattr_move_to_block+0x594/0x720\\n ext4_expand_extra_isize_ea+0x59a/0x10f0\\n __ext4_expand_extra_isize+0x278/0x3f0\\n __ext4_mark_inode_dirty.cold+0x347/0x410\\n ext4_rename+0xed3/0x174f\\n vfs_rename+0x13a7/0x2510\\n do_renameat2+0x55d/0x920\\n __x64_sys_rename+0x7d/0xb0\\n do_syscall_64+0x3b/0xa0\\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\\n\\nAs \u0027ext4_rename\u0027 will modify \u0027old.inode\u0027 ctime and mark inode dirty,\\nwhich may trigger expand \u0027extra_isize\u0027 and allocate block. If inode\\ndidn\u0027t init quota will lead to warning.  To solve above issue, init\\n\u0027old.inode\u0027 firstly in \u0027ext4_rename\u0027.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.9.337\", \"versionStartIncluding\": \"2.6.23\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.14.303\", \"versionStartIncluding\": \"2.6.23\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.19.270\", \"versionStartIncluding\": \"2.6.23\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.229\", \"versionStartIncluding\": \"2.6.23\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.163\", \"versionStartIncluding\": \"2.6.23\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.87\", \"versionStartIncluding\": \"2.6.23\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.0.18\", \"versionStartIncluding\": \"2.6.23\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.4\", \"versionStartIncluding\": \"2.6.23\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.2\", \"versionStartIncluding\": \"2.6.23\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-12-23T13:29:01.356Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-50346\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-14T18:22:58.321Z\", \"dateReserved\": \"2025-09-16T16:03:27.882Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2025-09-16T16:11:39.179Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.