Bug 2348102 (CVE-2022-49274) - CVE-2022-49274 kernel: ocfs2: fix crash when mount with quota enabled
Summary: CVE-2022-49274 kernel: ocfs2: fix crash when mount with quota enabled
Keywords:
Status: NEW
Alias: CVE-2022-49274
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-02-26 03:17 UTC by OSIDB Bzimport
Modified: 2025-02-26 18:50 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-02-26 03:17:41 UTC 
In the Linux kernel, the following vulnerability has been resolved:

ocfs2: fix crash when mount with quota enabled

There is a reported crash when mounting ocfs2 with quota enabled.

  RIP: 0010:ocfs2_qinfo_lock_res_init+0x44/0x50 [ocfs2]
  Call Trace:
    ocfs2_local_read_info+0xb9/0x6f0 [ocfs2]
    dquot_load_quota_sb+0x216/0x470
    dquot_load_quota_inode+0x85/0x100
    ocfs2_enable_quotas+0xa0/0x1c0 [ocfs2]
    ocfs2_fill_super.cold+0xc8/0x1bf [ocfs2]
    mount_bdev+0x185/0x1b0
    legacy_get_tree+0x27/0x40
    vfs_get_tree+0x25/0xb0
    path_mount+0x465/0xac0
    __x64_sys_mount+0x103/0x140

It is caused by when initializing dqi_gqlock, the corresponding dqi_type
and dqi_sb are not properly initialized.

This issue is introduced by commit 6c85c2c72819, which wants to avoid
accessing uninitialized variables in error cases.  So make global quota
info properly initialized.
Comment 1 Avinash Hanwate 2025-02-26 14:18:28 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022630-CVE-2022-49274-9f33@gregkh/T
Comment 2 Avinash Hanwate 2025-02-26 18:39:33 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022630-CVE-2022-49274-9f33@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.