Bug 2363411 (CVE-2022-49849) - CVE-2022-49849 kernel: btrfs: fix match incorrectly in dev_args_match_device
Summary: CVE-2022-49849 kernel: btrfs: fix match incorrectly in dev_args_match_device
Keywords:
Status: NEW
Alias: CVE-2022-49849
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2025-05-01 15:03 UTC by OSIDB Bzimport
Modified: 2025-05-02 06:08 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-05-01 15:03:36 UTC
In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix match incorrectly in dev_args_match_device

syzkaller found a failed assertion:

  assertion failed: (args->devid != (u64)-1) || args->missing, in fs/btrfs/volumes.c:6921

This can be triggered when we set devid to (u64)-1 by ioctl. In this
case, the match of devid will be skipped and the match of device may
succeed incorrectly.

Patch 562d7b1512f7 introduced this function, which is used to match a device.
This function contains two matching scenarios; we can distinguish them by
checking the value of args->missing rather than checking whether args->devid
and args->uuid are the default values.
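
The two matching strategies described above, as an added user-space sketch (not the kernel's code and not part of this bug report). The struct layouts, function names and sample devices are assumptions made for illustration; only the `devid`, `uuid` and `missing` fields and the `(u64)-1` default come from the description.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UUID_SIZE 16
#define DEVID_UNSET UINT64_MAX /* (u64)-1, the "no devid given" default */

/* Simplified stand-ins for the kernel structures (assumed for this sketch). */
struct dev { uint64_t devid; uint8_t uuid[UUID_SIZE]; bool in_fs_metadata, has_bdev; };
struct lookup_args { uint64_t devid; const uint8_t *uuid; bool missing; };

/* "Before" model: a field left at its default value is simply not compared. */
static bool match_by_defaults(const struct lookup_args *a, const struct dev *d)
{
    if (a->devid != DEVID_UNSET && d->devid != a->devid)
        return false;
    if (a->uuid && memcmp(d->uuid, a->uuid, UUID_SIZE) != 0)
        return false;
    if (!a->missing)
        return true; /* reachable without any field having been compared */
    return d->in_fs_metadata && !d->has_bdev;
}

/* "After" model: args->missing alone selects which scenario applies. */
static bool match_by_scenario(const struct lookup_args *a, const struct dev *d)
{
    if (a->missing)
        return d->in_fs_metadata && !d->has_bdev;
    if (d->devid != a->devid)
        return false;
    return !a->uuid || memcmp(d->uuid, a->uuid, UUID_SIZE) == 0;
}

/* Constructed sample data: one present device and one missing device. */
static const struct dev devs[] = {
    { .devid = 1, .in_fs_metadata = true, .has_bdev = true },
    { .devid = 3, .in_fs_metadata = true, .has_bdev = false },
};
/* Constructed lookup: devid left at (u64)-1, no uuid, missing not set. */
static const struct lookup_args unset = { .devid = DEVID_UNSET };

int main(void)
{
    printf("before: %d  after: %d\n", match_by_defaults(&unset, &devs[0]),
           match_by_scenario(&unset, &devs[0]));
    return 0;
}
```

With the lookup left at its defaults, the first model reports a match for a device it never compared against, while the second rejects it; both models agree on ordinary devid lookups and on the missing-device scenario.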

Comment 1 Avinash Hanwate 2025-05-02 05:58:40 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025050143-CVE-2022-49849-e2cc@gregkh/T

