SB20250226585 - Improper error handling in Linux kernel ext4

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper error handling (CVE-ID: CVE-2022-49347)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ext4_convert_inline_data() function in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/013f12bdedb96816aaa27ee04349f4433d361f52
• https://git.kernel.org/stable/c/18a759f7f99f0b65a08ff5b7e745fc405a42bde4
• https://git.kernel.org/stable/c/19918ec7717d87d5ab825884a46b26b21375d7ce
• https://git.kernel.org/stable/c/1b061af037646c9cdb0afd8a8d2f1e1c06285866
• https://git.kernel.org/stable/c/1cde35417edc0370fb0179a4e38b78a15350a8d0
• https://git.kernel.org/stable/c/73fd5b19285197078ee8a2e651d75d5b094a4de9
• https://git.kernel.org/stable/c/b2b78f5bf2d453dda3903955efee059260787a42
• https://git.kernel.org/stable/c/de1732b5c1693ad489c5d254f124f67cb775f37d
• https://git.kernel.org/stable/c/ef09ed5d37b84d18562b30cf7253e57062d0db05
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.283
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.247
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.318
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.121
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.46
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.14
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.198