Bug 2373686 (CVE-2022-50205)

Summary: CVE-2022-50205 kernel: ext2: Add more validity checks for inode counts
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
CC: dfreiber, drow, jburrell, vkumar
Target Milestone: ---
Target Release: ---
Keywords: Security
Hardware: All
OS: Linux

Description OSIDB Bzimport 2025-06-18 12:13:47 UTC
In the Linux kernel, the following vulnerability has been resolved:

ext2: Add more validity checks for inode counts

Add checks verifying number of inodes stored in the superblock matches
the number computed from number of inodes per group. Also verify we have
at least one block worth of inodes per group. This prevents crashes on
corrupted filesystems.
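
The two checks named in the description, as an added userspace sketch that is not part of the original report and is not the kernel's own code: it reads the standard ext2 on-disk superblock fields from a buffer and rejects inconsistent inode counts before anything derives group or inode offsets from them. The function names, return codes, the 64 KiB block-size bound and the sample geometry are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EXT2_MAGIC 0xEF53u

/* Superblock fields are little-endian on disk. */
static uint32_t le32(const uint8_t *p) {
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint32_t le16(const uint8_t *p) { return p[0] | p[1] << 8; }
static void put32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* 0 = consistent; negative = reject before any group/inode arithmetic. */
int ext2_check_inode_counts(const uint8_t *sb, size_t len) {
    if (len < 90 || le16(sb + 56) != EXT2_MAGIC) return -1;
    uint32_t log_bs = le32(sb + 24);                 /* s_log_block_size */
    if (log_bs > 6) return -2;       /* assumed bound: blocks <= 64 KiB */
    uint32_t block_size = 1024u << log_bs;
    uint32_t inode_size = le32(sb + 76) == 0 ? 128 : le16(sb + 88);
    if (inode_size < 128 || inode_size > block_size) return -3;
    uint32_t blocks = le32(sb + 4), first = le32(sb + 20);
    uint32_t bpg = le32(sb + 32), ipg = le32(sb + 40);
    if (bpg == 0 || blocks <= first) return -4;      /* no divide by zero */
    /* Check 1: at least one block worth of inodes per group. */
    if (ipg < block_size / inode_size) return -5;
    /* Check 2: superblock total == groups * inodes per group (64-bit). */
    uint64_t groups = (uint64_t)(blocks - first - 1) / bpg + 1;
    if (groups * ipg != le32(sb + 0)) return -6;
    return 0;
}

/* Constructed sample: 8193 blocks of 1 KiB, 8192 per group -> 1 group. */
int check_sample(uint32_t inodes_count, uint32_t inodes_per_group) {
    uint8_t sb[1024];
    memset(sb, 0, sizeof sb);
    put32(sb + 0, inodes_count);  /* s_inodes_count */
    put32(sb + 4, 8193);          /* s_blocks_count */
    put32(sb + 20, 1);            /* s_first_data_block */
    put32(sb + 32, 8192);         /* s_blocks_per_group */
    put32(sb + 40, inodes_per_group);
    sb[56] = 0x53; sb[57] = 0xEF; /* s_magic; s_rev_level stays 0 */
    return ext2_check_inode_counts(sb, sizeof sb);
}

int main(void) { return check_sample(2048, 2048); }
```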

Comment 1 Avinash Hanwate 2025-06-18 17:10:50 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025061841-CVE-2022-50205-4197@gregkh/T