A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information. The following is the crash information: BUG: kernel NULL pointer dereference, address: 0000000000000004 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 162c13067 P4D 162c13067 PUD 15f0f4067 PMD 0 Oops: 0000 [#1] PREEMPT SMP CPU: 0 PID: 6659 Comm: syz-executor348 Not tainted 5.17.0-rc4+ #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 RIP: 0010:diFree+0x1d1/0x4330 build/../fs/jfs/jfs_imap.c:871 .. Call Trace: <TASK> jfs_evict_inode+0x605/0x6b0 build/../fs/jfs/inode.c:155 evict+0x4f4/0xdd0 build/../fs/inode.c:664 iput_final build/../fs/inode.c:1744 [inline] iput+0xc53/0x1100 build/../fs/inode.c:1770 diFreeSpecial+0xec/0x1b0 build/../fs/jfs/jfs_imap.c:548 jfs_mount+0xd1c/0x12c0 build/../fs/jfs/jfs_mount.c:191 jfs_fill_super+0x76d/0x1670 build/../fs/jfs/super.c:560 mount_bdev+0x626/0x920 build/../fs/super.c:1367 jfs_do_mount+0xc9/0xe0 build/../fs/jfs/super.c:674 legacy_get_tree+0x163/0x2e0 build/../fs/fs_context.c:610 vfs_get_tree+0xd8/0x5d0 build/../fs/super.c:1497 do_new_mount+0x7b5/0x16f0 build/../fs/namespace.c:2994 path_mount+0x100d/0x27a0 build/../fs/namespace.c:3324 do_mount build/../fs/namespace.c:3337 [inline] __do_sys_mount build/../fs/namespace.c:3545 [inline] __se_sys_mount+0x8a8/0x9d0 build/../fs/namespace.c:3522 __x64_sys_mount+0x15d/0x1b0 build/../fs/namespace.c:3522 do_syscall_x64 build/../arch/x86/entry/common.c:51 [inline] do_syscall_64+0x54/0xd0 build/../arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x44/0xae Reference: https://github.com/torvalds/linux/commit/a53046291020ec41e09181396c1e829287b48d47
There was no shipped kernel version that was seen affected by this problem. These files are not built in our source code.
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2128459]
This was fixed for Fedora with the 5.17.3 stable kernel updates
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-3202