{
  "threat_severity" : "Moderate",
  "public_date" : "2025-06-18T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted",
    "id" : "2373442",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2373442"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-617",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\njbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted\nFollowing process will fail assertion 'jh->b_frozen_data == NULL' in\njbd2_journal_dirty_metadata():\njbd2_journal_commit_transaction\nunlink(dir/a)\njh->b_transaction = trans1\njh->b_jlist = BJ_Metadata\njournal->j_running_transaction = NULL\ntrans1->t_state = T_COMMIT\nunlink(dir/b)\nhandle->h_trans = trans2\ndo_get_write_access\njh->b_modified = 0\njh->b_frozen_data = frozen_buffer\njh->b_next_transaction = trans2\njbd2_journal_dirty_metadata\nis_handle_aborted\nis_journal_aborted // return false\n--> jbd2 abort <--\nwhile (commit_transaction->t_buffers)\nif (is_journal_aborted)\njbd2_journal_refile_buffer\n__jbd2_journal_refile_buffer\nWRITE_ONCE(jh->b_transaction,\njh->b_next_transaction)\nWRITE_ONCE(jh->b_next_transaction, NULL)\n__jbd2_journal_file_buffer(jh, BJ_Reserved)\nJ_ASSERT_JH(jh, jh->b_frozen_data == NULL) // assertion failure !\nThe reproducer (See detail in [Link]) reports:\n------------[ cut here ]------------\nkernel BUG at fs/jbd2/transaction.c:1629!\ninvalid opcode: 0000 [#1] PREEMPT SMP\nCPU: 2 PID: 584 Comm: unlink Tainted: G        W\n5.19.0-rc6-00115-g4a57a8400075-dirty #697\nRIP: 0010:jbd2_journal_dirty_metadata+0x3c5/0x470\nRSP: 0018:ffffc90000be7ce0 EFLAGS: 00010202\nCall Trace:\n<TASK>\n__ext4_handle_dirty_metadata+0xa0/0x290\next4_handle_dirty_dirblock+0x10c/0x1d0\next4_delete_entry+0x104/0x200\n__ext4_unlink+0x22b/0x360\next4_unlink+0x275/0x390\nvfs_unlink+0x20b/0x4c0\ndo_unlinkat+0x42f/0x4c0\n__x64_sys_unlink+0x37/0x50\ndo_syscall_64+0x35/0x80\nAfter journal aborting, __jbd2_journal_refile_buffer() is executed with\nholding @jh->b_state_lock, we can fix it by moving 'is_handle_aborted()'\ninto the area protected by @jh->b_state_lock.", "A flaw was found in the jbd2 module in the Linux kernel. An assertion failure can be triggered when a specific sequence of transactions and operations is performed due to incorrect synchronization, potentially resulting in a denial of service." ],
  "statement" : "This issue has been fixed in Red Hat Enterprise Linux 8.10 and 9.2 via RHSA-2024:3138 [1] and RHSA-2023:2458 [2], respectively.\n[1]. https://access.redhat.com/errata/RHSA-2024:3138\n[2]. https://access.redhat.com/errata/RHSA-2023:2458",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-05-22T00:00:00Z",
    "advisory" : "RHSA-2024:3138",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50126\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50126\nhttps://lore.kernel.org/linux-cve-announce/2025061813-CVE-2022-50126-5c77@gregkh/T" ],
  "name" : "CVE-2022-50126",
  "csaw" : false
}