{
  "threat_severity" : "Moderate",
  "public_date" : "2025-10-01T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: ext4: don't set up encryption key during jbd2 transaction",
    "id" : "2400725",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2400725"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-833",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\next4: don't set up encryption key during jbd2 transaction\nCommit a80f7fcf1867 (\"ext4: fixup ext4_fc_track_* functions' signature\")\nextended the scope of the transaction in ext4_unlink() too far, making\nit include the call to ext4_find_entry().  However, ext4_find_entry()\ncan deadlock when called from within a transaction because it may need\nto set up the directory's encryption key.\nFix this by restoring the transaction to its original scope.", "A flaw exists in the ext4 filesystem implementation in the Linux kernel such that the function ext4_unlink() extended a journaling transaction too far so that it included a call to ext4_find_entry(). However, ext4_find_entry() may need to set up a directory’s encryption key — which can cause a deadlock when executed inside a transaction." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50436\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50436\nhttps://lore.kernel.org/linux-cve-announce/2025100159-CVE-2022-50436-ad37@gregkh/T" ],
  "name" : "CVE-2022-50436",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}