{"id":"CVE-2022-49348","summary":"ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state","details":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state\n\nThe EXT4_FC_REPLAY bit in sbi-\u003es_mount_state is used to indicate that\nwe are in the middle of replay the fast commit journal.  This was\nactually a mistake, since the sbi-\u003es_mount_info is initialized from\nes-\u003es_state.  Arguably s_mount_state is misleadingly named, but the\nname is historical --- s_mount_state and s_state dates back to ext2.\n\nWhat should have been used is the ext4_{set,clear,test}_mount_flag()\ninline functions, which sets EXT4_MF_* bits in sbi-\u003es_mount_flags.\n\nThe problem with using EXT4_FC_REPLAY is that a maliciously corrupted\nsuperblock could result in EXT4_FC_REPLAY getting set in\ns_mount_state.  This bypasses some sanity checks, and this can trigger\na BUG() in ext4_es_cache_extent().  As a easy-to-backport-fix, filter\nout the EXT4_FC_REPLAY bit for now.  We should eventually transition\naway from EXT4_FC_REPLAY to something like EXT4_MF_REPLAY.","modified":"2026-04-02T08:27:31.575665Z","published":"2025-02-26T02:11:02.518Z","related":["SUSE-SU-2025:1027-1","SUSE-SU-2025:1176-1","SUSE-SU-2025:1183-1","SUSE-SU-2025:1241-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49348.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/55b4dbb29054a05d839562f6d635ce05669b016d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/af2f1932743fb52ebcb008ad7ac500d9df0aa796"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b99fd73418350dea360da8311e87a6a7b0e15a4c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c878bea3c9d724ddfa05a813f30de3d25a0ba83f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cc5b09cb6dacd4b32640537929ab4ee8fb2b9e04"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49348.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49348"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2"},{"fixed":"cc5b09cb6dacd4b32640537929ab4ee8fb2b9e04"},{"fixed":"b99fd73418350dea360da8311e87a6a7b0e15a4c"},{"fixed":"af2f1932743fb52ebcb008ad7ac500d9df0aa796"},{"fixed":"55b4dbb29054a05d839562f6d635ce05669b016d"},{"fixed":"c878bea3c9d724ddfa05a813f30de3d25a0ba83f"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49348.json"}}],"schema_version":"1.7.5"}