CVE-2022-48712

In the Linux kernel, the following vulnerability has been resolved: ext4: fix error handling in ext4_fc_record_modified_inode() Current code does not fully takes care of krealloc() error case, which could lead to silent memory corruption or a kernel bug. This patch fixes that. Also it cleans up some duplicated error handling logic from various functions in fast_commit.c file.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/14aa3f49c7fc6424763f4323bfbc3a807b0727dc	Patch
https://git.kernel.org/stable/c/1b6762ecdf3cf12113772427c904aa3c420a1802	Patch
https://git.kernel.org/stable/c/62e46e0ffc02daa8fcfc02f7a932cc8a19601b19	Patch
https://git.kernel.org/stable/c/cdce59a1549190b66f8e3fe465c2b2f714b98a94	Patch
https://git.kernel.org/stable/c/14aa3f49c7fc6424763f4323bfbc3a807b0727dc	Patch
https://git.kernel.org/stable/c/1b6762ecdf3cf12113772427c904aa3c420a1802	Patch
https://git.kernel.org/stable/c/62e46e0ffc02daa8fcfc02f7a932cc8a19601b19	Patch
https://git.kernel.org/stable/c/cdce59a1549190b66f8e3fe465c2b2f714b98a94	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.17:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.17:rc2::::::

History

17 Sep 2025, 17:12

Type	Values Removed	Values Added
First Time		Linux Linux linux Kernel
CPE		cpe:2.3:o:linux:linux_kernel:5.17:rc2:::::: cpe:2.3:o:linux:linux_kernel:5.17:rc1:::::: cpe:2.3:o:linux:linux_kernel::::::::
CWE		CWE-787
References	~~() https://git.kernel.org/stable/c/14aa3f49c7fc6424763f4323bfbc3a807b0727dc -~~	() https://git.kernel.org/stable/c/14aa3f49c7fc6424763f4323bfbc3a807b0727dc - Patch
References	~~() https://git.kernel.org/stable/c/1b6762ecdf3cf12113772427c904aa3c420a1802 -~~	() https://git.kernel.org/stable/c/1b6762ecdf3cf12113772427c904aa3c420a1802 - Patch
References	~~() https://git.kernel.org/stable/c/62e46e0ffc02daa8fcfc02f7a932cc8a19601b19 -~~	() https://git.kernel.org/stable/c/62e46e0ffc02daa8fcfc02f7a932cc8a19601b19 - Patch
References	~~() https://git.kernel.org/stable/c/cdce59a1549190b66f8e3fe465c2b2f714b98a94 -~~	() https://git.kernel.org/stable/c/cdce59a1549190b66f8e3fe465c2b2f714b98a94 - Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8

21 Nov 2024, 07:33

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/14aa3f49c7fc6424763f4323bfbc3a807b0727dc -~~	() https://git.kernel.org/stable/c/14aa3f49c7fc6424763f4323bfbc3a807b0727dc -
References	~~() https://git.kernel.org/stable/c/1b6762ecdf3cf12113772427c904aa3c420a1802 -~~	() https://git.kernel.org/stable/c/1b6762ecdf3cf12113772427c904aa3c420a1802 -
References	~~() https://git.kernel.org/stable/c/62e46e0ffc02daa8fcfc02f7a932cc8a19601b19 -~~	() https://git.kernel.org/stable/c/62e46e0ffc02daa8fcfc02f7a932cc8a19601b19 -
References	~~() https://git.kernel.org/stable/c/cdce59a1549190b66f8e3fe465c2b2f714b98a94 -~~	() https://git.kernel.org/stable/c/cdce59a1549190b66f8e3fe465c2b2f714b98a94 -

20 Jun 2024, 12:43

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ext4: corrige el manejo de errores en ext4_fc_record_modified_inode() El código actual no soluciona completamente el caso de error de krealloc(), lo que podría provocar una corrupción silenciosa de la memoria o un error del kernel. Este parche soluciona eso. También limpia alguna lógica de manejo de errores duplicada de varias funciones en el archivo fast_commit.c.

20 Jun 2024, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-20 11:15

Updated : 2025-09-17 17:12

NVD link : CVE-2022-48712

Mitre link : CVE-2022-48712

CVE.ORG link : CVE-2022-48712

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-787

Out-of-bounds Write

7.8 /10