Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: gfs2: Always check inode size of inline inodes Check if the inode size of stuffed (inline) inodes is within the allowed range when reading inodes from disk (gfs2_dinode_in()). This prevents us from on-disk corruption. The two checks in stuffed_readpage() and gfs2_unstuffer_page() that just truncate inline data to the maximum allowed size don't actually make sense, and they can be removed now as well.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 4.19.280 |
References
- https://git.kernel.org/stable/c/45df749f827c286adbc951f2a4865b67f0442ba9Patch
- https://git.kernel.org/stable/c/46c9088cabd4d0469fdb61ac2a9c5003057fe94dPatch
- https://git.kernel.org/stable/c/4d4cb76636134bf9a0c9c3432dae936f99954586Patch
- https://git.kernel.org/stable/c/70376c7ff31221f1d21db5611d8209e677781d3aPatch
- https://git.kernel.org/stable/c/7c414f6f06e9a3934901b6edc3177ae5a1e07094Patch
- https://git.kernel.org/stable/c/d458a0984429c2d47e60254f5bc4119cbafe83a2Patch
FAQ
What is CVE-2022-49739?
CVE-2022-49739 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: gfs2: Always check inode size of inline inodes Check if the inode size of stuffed (inline) inodes is within the allowed range when...
How severe is CVE-2022-49739?
CVE-2022-49739 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-49739?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.