{
  "threat_severity" : "Moderate",
  "public_date" : "2025-06-18T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: ext4: block range must be validated before use in ext4_mb_clear_bb()",
    "id" : "2373492",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2373492"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\next4: block range must be validated before use in ext4_mb_clear_bb()\nBlock range to free is validated in ext4_free_blocks() using\next4_inode_block_valid() and then it's passed to ext4_mb_clear_bb().\nHowever in some situations on bigalloc file system the range might be\nadjusted after the validation in ext4_free_blocks() which can lead to\ntroubles on corrupted file systems such as one found by syzkaller that\nresulted in the following BUG\nkernel BUG at fs/ext4/ext4.h:3319!\nPREEMPT SMP NOPTI\nCPU: 28 PID: 4243 Comm: repro Kdump: loaded Not tainted 5.19.0-rc6+ #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1.fc35 04/01/2014\nRIP: 0010:ext4_free_blocks+0x95e/0xa90\nCall Trace:\n<TASK>\n? lock_timer_base+0x61/0x80\n? __es_remove_extent+0x5a/0x760\n? __mod_timer+0x256/0x380\n? ext4_ind_truncate_ensure_credits+0x90/0x220\next4_clear_blocks+0x107/0x1b0\next4_free_data+0x15b/0x170\next4_ind_truncate+0x214/0x2c0\n? _raw_spin_unlock+0x15/0x30\n? ext4_discard_preallocations+0x15a/0x410\n? ext4_journal_check_start+0xe/0x90\n? __ext4_journal_start_sb+0x2f/0x110\next4_truncate+0x1b5/0x460\n? __ext4_journal_start_sb+0x2f/0x110\next4_evict_inode+0x2b4/0x6f0\nevict+0xd0/0x1d0\next4_enable_quotas+0x11f/0x1f0\next4_orphan_cleanup+0x3de/0x430\n? proc_create_seq_private+0x43/0x50\next4_fill_super+0x295f/0x3ae0\n? snprintf+0x39/0x40\n? sget_fc+0x19c/0x330\n? ext4_reconfigure+0x850/0x850\nget_tree_bdev+0x16d/0x260\nvfs_get_tree+0x25/0xb0\npath_mount+0x431/0xa70\n__x64_sys_mount+0xe2/0x120\ndo_syscall_64+0x5b/0x80\n? do_user_addr_fault+0x1e2/0x670\n? exc_page_fault+0x70/0x170\nentry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033:0x7fdf4e512ace\nFix it by making sure that the block range is properly validated before\nused every time it changes in ext4_free_blocks() or ext4_mb_clear_bb().", "A use-after-free vulnerability exists in the linux kernel, such thatthe  Block range to free is validated in ext4_free_blocks() using ext4_inode_block_valid() and then it's passed to ext4_mb_clear_bb().However, in some situations on bigalloc file system the range might be adjusted after the validation in ext4_free_blocks() which can lead to corrupted file systems" ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50021\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50021\nhttps://lore.kernel.org/linux-cve-announce/2025061835-CVE-2022-50021-2162@gregkh/T" ],
  "name" : "CVE-2022-50021",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}