CVE-2022-50344— ext4: fix null-ptr-deref in ext4_write_info
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-50344
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ext4: fix null-ptr-deref in ext4_write_info
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ext4: fix null-ptr-deref in ext4_write_info I caught a null-ptr-deref bug as follows: ================================================================== KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f] CPU: 1 PID: 1589 Comm: umount Not tainted 5.10.0-02219-dirty #339 RIP: 0010:ext4_write_info+0x53/0x1b0 [...] Call Trace: dquot_writeback_dquots+0x341/0x9a0 ext4_sync_fs+0x19e/0x800 __sync_filesystem+0x83/0x100 sync_filesystem+0x89/0xf0 generic_shutdown_super+0x79/0x3e0 kill_block_super+0xa1/0x110 deactivate_locked_super+0xac/0x130 deactivate_super+0xb6/0xd0 cleanup_mnt+0x289/0x400 __cleanup_mnt+0x16/0x20 task_work_run+0x11c/0x1c0 exit_to_user_mode_prepare+0x203/0x210 syscall_exit_to_user_mode+0x5b/0x3a0 do_syscall_64+0x59/0x70 entry_SYSCALL_64_after_hwframe+0x44/0xa9 ================================================================== Above issue may happen as follows: ------------------------------------- exit_to_user_mode_prepare task_work_run __cleanup_mnt cleanup_mnt deactivate_super deactivate_locked_super kill_block_super generic_shutdown_super shrink_dcache_for_umount dentry = sb->s_root sb->s_root = NULL <--- Here set NULL sync_filesystem __sync_filesystem sb->s_op->sync_fs > ext4_sync_fs dquot_writeback_dquots sb->dq_op->write_info > ext4_write_info ext4_journal_start(d_inode(sb->s_root), EXT4_HT_QUOTA, 2) d_inode(sb->s_root) s_root->d_inode <--- Null pointer dereference To solve this problem, we use ext4_journal_start_sb directly to avoid s_root being used.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于ext4_write_info中存在空指针取消引用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2022-50344
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-50344
Please Login to view more intelligence information
Same Patch Batch · Linux · 2025-09-16 · 115 CVEs total
| CVE-2022-50339 | Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev() | |
| CVE-2023-53307 | rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails | |
| CVE-2023-53305 | Bluetooth: L2CAP: Fix use-after-free | |
| CVE-2023-53304 | netfilter: nft_set_rbtree: fix overlap expiration walk | |
| CVE-2022-50351 | cifs: Fix xid leak in cifs_create() | |
| CVE-2022-50352 | net: hns: fix possible memory leak in hnae_ae_register() | |
| CVE-2022-50350 | scsi: target: iscsi: Fix a race condition between login_work and the login thread | |
| CVE-2022-50348 | nfsd: Fix a memory leak in an error handling path | |
| CVE-2022-50349 | misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() | |
| CVE-2022-50347 | mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() | |
| CVE-2022-50346 | ext4: init quota for 'old.inode' in 'ext4_rename' | |
| CVE-2022-50343 | rapidio: fix possible name leaks when rio_add_device() fails | |
| CVE-2022-50342 | floppy: Fix memory leak in do_floppy_init() | |
| CVE-2022-50341 | cifs: fix oops during encryption | |
| CVE-2022-50340 | media: vimc: Fix wrong function called when vimc_init() fails | |
| CVE-2025-39826 | net: rose: convert 'use' field to refcount_t | |
| CVE-2025-39829 | trace/fgraph: Fix the warning caused by missing unregister notifier | |
| CVE-2025-39828 | atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). | |
| CVE-2025-39827 | net: rose: include node references in rose_neigh refcount | |
| CVE-2025-39830 | net/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path |
Showing top 20 of 115 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling - CVE-2026-43471
scsi: ufs: core: Fix possible NULL pointer dereference in uf
Same vendor: Linux
- CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling - CVE-2026-43471
scsi: ufs: core: Fix possible NULL pointer dereference in uf
V. Comments for CVE-2022-50344
No comments yet