Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-49739

In the Linux kernel, the following vulnerability has been resolved: gfs2: Always check inode size of inline inodes Check if the inode size of stuffed (inline) inodes is within the allowed range when reading inodes from disk (gfs2_dinode_in()). This prevents us from on-disk corruption. The two checks in stuffed_readpage() and gfs2_unstuffer_page() that just truncate inline data to the maximum allowed size don't actually make sense, and they can be removed now as well.

Published

2025-03-27T17:15:38.460

Last Modified

2025-10-30T15:36:58.517

Status

Analyzed

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 4.19.280	Yes
Operating System	linux	linux_kernel	< 5.4.240	Yes
Operating System	linux	linux_kernel	< 5.10.177	Yes
Operating System	linux	linux_kernel	< 5.15.93	Yes
Operating System	linux	linux_kernel	< 6.1.11	Yes

References

https://git.kernel.org/stable/c/45df749f827c286adbc951f2a4865b67f0442ba9 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/46c9088cabd4d0469fdb61ac2a9c5003057fe94d Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/4d4cb76636134bf9a0c9c3432dae936f99954586 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/70376c7ff31221f1d21db5611d8209e677781d3a Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/7c414f6f06e9a3934901b6edc3177ae5a1e07094 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/d458a0984429c2d47e60254f5bc4119cbafe83a2 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)