{
  "threat_severity" : "Moderate",
  "public_date" : "2025-02-26T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: ext4: add reserved GDT blocks check",
    "id" : "2348100",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2348100"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\next4: add reserved GDT blocks check\nWe captured a NULL pointer issue when resizing a corrupt ext4 image which\nhas the resize_inode feature freshly cleared (e2fsck not run). It can be\nsimply reproduced by the following steps. The problem is that the\nresize_inode feature was cleared, and it will convert the filesystem to\nmeta_bg mode in ext4_resize_fs(), but the es->s_reserved_gdt_blocks was\nnot reduced to zero, so we could mistakenly call reserve_backup_gdb()\nand pass an uninitialized resize_inode to it when adding new group\ndescriptors.\nmkfs.ext4 /dev/sda 3G\ntune2fs -O ^resize_inode /dev/sda #forget to run requested e2fsck\nmount /dev/sda /mnt\nresize2fs /dev/sda 8G\n========\nBUG: kernel NULL pointer dereference, address: 0000000000000028\nCPU: 19 PID: 3243 Comm: resize2fs Not tainted 5.18.0-rc7-00001-gfde086c5ebfd #748\n...\nRIP: 0010:ext4_flex_group_add+0xe08/0x2570\n...\nCall Trace:\n<TASK>\next4_resize_fs+0xbec/0x1660\n__ext4_ioctl+0x1749/0x24e0\next4_ioctl+0x12/0x20\n__x64_sys_ioctl+0xa6/0x110\ndo_syscall_64+0x3b/0x90\nentry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f2dd739617b\n========\nThe fix is simple: add a check in ext4_resize_begin() to make sure that\nthe es->s_reserved_gdt_blocks is zero when the resize_inode feature is\ndisabled.", "A flaw was found in the ext4 module in the Linux kernel. Resizing a corrupt ext4 image can cause a NULL pointer dereference because of a missing check that the number of reserved GDT blocks is zero when the resize_inode feature is disabled, resulting in a denial of service." ],
  "statement" : "This issue has been fixed in Red Hat Enterprise Linux 8.7 and 9.1 via RHSA-2022:7683 [1] and RHSA-2022:8267 [2], respectively.\n[1]. https://access.redhat.com/errata/RHSA-2022:7683\n[2]. https://access.redhat.com/errata/RHSA-2022:8267",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-11-08T00:00:00Z",
    "advisory" : "RHSA-2022:7683",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-425.3.1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-11-15T00:00:00Z",
    "advisory" : "RHSA-2022:8267",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-162.6.1.el9_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-11-15T00:00:00Z",
    "advisory" : "RHSA-2022:8267",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-162.6.1.el9_1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-49707\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49707\nhttps://lore.kernel.org/linux-cve-announce/2025022630-CVE-2022-49707-c4b7@gregkh/T" ],
  "name" : "CVE-2022-49707",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}