CVE-2022-49707

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Feb 26, 2025

Updated: Mar 11, 2025

CWE ID 476

Summary

CVE-2022-49707: A vulnerability was identified in the Linux kernel that could lead to a NULL pointer dereference when resizing a corrupt ext4 image. This issue occurs due to the resize_inode feature being cleared, which causes the filesystem to convert to meta_bg mode in ext4_resize_fs(). However, the es->s_reserved_gdt_blocks variable was not reduced to zero, resulting in a call to reserve_backup_gdb() with an uninitialized resize_inode. To address this issue, a check has been added in ext4_resize_begin() to ensure that the es->s_reserved_gdt_blocks variable is zero when the resize_inode feature is disabled.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2022-49707

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations