Bug 2396494 (CVE-2022-50403)

Summary: CVE-2022-50403 kernel: ext4: fix undefined behavior in bit shift for ext4_check_flag_values
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A vulnerability was identified in the Linux kernel's ext4 filesystem implementation due to a flaw in how it processes filesystem metadata. An attacker with local privileges could create a malicious ext4 filesystem image to trigger this issue. When the system attempts to mount this malicious image, the kernel performs an incorrect calculation. This action results in unpredictable system behavior.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-09-18 17:01:26 UTC 
In the Linux kernel, the following vulnerability has been resolved:

ext4: fix undefined behavior in bit shift for ext4_check_flag_values

Shifting signed 32-bit value by 31 bits is undefined, so changing
significant bit to unsigned. The UBSAN warning calltrace like below:

UBSAN: shift-out-of-bounds in fs/ext4/ext4.h:591:2
left shift of 1 by 31 places cannot be represented in type 'int'
Call Trace:
 <TASK>
 dump_stack_lvl+0x7d/0xa5
 dump_stack+0x15/0x1b
 ubsan_epilogue+0xe/0x4e
 __ubsan_handle_shift_out_of_bounds+0x1e7/0x20c
 ext4_init_fs+0x5a/0x277
 do_one_initcall+0x76/0x430
 kernel_init_freeable+0x3b3/0x422
 kernel_init+0x24/0x1e0
 ret_from_fork+0x1f/0x30
 </TASK>
Comment 1 Keith Grant 2025-09-18 18:56:44 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025091852-CVE-2022-50403-0471@gregkh/T
Comment 5 errata-xmlrpc 2025-11-25 00:37:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:22006 https://access.redhat.com/errata/RHSA-2025:22006
Comment 6 errata-xmlrpc 2025-11-25 10:35:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:22066 https://access.redhat.com/errata/RHSA-2025:22066
Comment 7 errata-xmlrpc 2025-11-25 12:31:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:22072 https://access.redhat.com/errata/RHSA-2025:22072
Comment 8 errata-xmlrpc 2025-11-25 16:04:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:22087 https://access.redhat.com/errata/RHSA-2025:22087
Comment 9 errata-xmlrpc 2025-12-04 12:45:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2025:22752 https://access.redhat.com/errata/RHSA-2025:22752
Comment 11 errata-xmlrpc 2025-12-17 07:47:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:23445 https://access.redhat.com/errata/RHSA-2025:23445
Comment 12 errata-xmlrpc 2025-12-22 17:01:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:23960 https://access.redhat.com/errata/RHSA-2025:23960
Comment 13 errata-xmlrpc 2025-12-22 17:35:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:23947 https://access.redhat.com/errata/RHSA-2025:23947