{"id":"CVE-2022-50021","summary":"ext4: block range must be validated before use in ext4_mb_clear_bb()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: block range must be validated before use in ext4_mb_clear_bb()\n\nBlock range to free is validated in ext4_free_blocks() using\next4_inode_block_valid() and then it's passed to ext4_mb_clear_bb().\nHowever in some situations on bigalloc file system the range might be\nadjusted after the validation in ext4_free_blocks() which can lead to\ntroubles on corrupted file systems such as one found by syzkaller that\nresulted in the following BUG\n\nkernel BUG at fs/ext4/ext4.h:3319!\nPREEMPT SMP NOPTI\nCPU: 28 PID: 4243 Comm: repro Kdump: loaded Not tainted 5.19.0-rc6+ #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1.fc35 04/01/2014\nRIP: 0010:ext4_free_blocks+0x95e/0xa90\nCall Trace:\n \u003cTASK\u003e\n ? lock_timer_base+0x61/0x80\n ? __es_remove_extent+0x5a/0x760\n ? __mod_timer+0x256/0x380\n ? ext4_ind_truncate_ensure_credits+0x90/0x220\n ext4_clear_blocks+0x107/0x1b0\n ext4_free_data+0x15b/0x170\n ext4_ind_truncate+0x214/0x2c0\n ? _raw_spin_unlock+0x15/0x30\n ? ext4_discard_preallocations+0x15a/0x410\n ? ext4_journal_check_start+0xe/0x90\n ? __ext4_journal_start_sb+0x2f/0x110\n ext4_truncate+0x1b5/0x460\n ? __ext4_journal_start_sb+0x2f/0x110\n ext4_evict_inode+0x2b4/0x6f0\n evict+0xd0/0x1d0\n ext4_enable_quotas+0x11f/0x1f0\n ext4_orphan_cleanup+0x3de/0x430\n ? proc_create_seq_private+0x43/0x50\n ext4_fill_super+0x295f/0x3ae0\n ? snprintf+0x39/0x40\n ? sget_fc+0x19c/0x330\n ? ext4_reconfigure+0x850/0x850\n get_tree_bdev+0x16d/0x260\n vfs_get_tree+0x25/0xb0\n path_mount+0x431/0xa70\n __x64_sys_mount+0xe2/0x120\n do_syscall_64+0x5b/0x80\n ? do_user_addr_fault+0x1e2/0x670\n ? exc_page_fault+0x70/0x170\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033:0x7fdf4e512ace\n\nFix it by making sure that the block range is properly validated before\nused every time it changes in ext4_free_blocks() or ext4_mb_clear_bb().","modified":"2026-04-03T13:14:45.911975Z","published":"2025-06-18T11:01:25.045Z","related":["SUSE-SU-2025:02264-1","SUSE-SU-2025:02321-1","SUSE-SU-2025:02322-1","SUSE-SU-2025:02537-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50021.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1e1c2b86ef86a8477fd9b9a4f48a6bfe235606f6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/560a2744cbbf03cac65a6394f9b0d99aa437c867"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7550aade978371ac582f6d43b14c4cb89ca54463"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a2522041d248a8c969cbbc97e1fc2cd8b4de120d"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50021.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50021"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"84130193e0e6568dfdfb823f0e1e19aec80aff6e"},{"fixed":"7550aade978371ac582f6d43b14c4cb89ca54463"},{"fixed":"560a2744cbbf03cac65a6394f9b0d99aa437c867"},{"fixed":"a2522041d248a8c969cbbc97e1fc2cd8b4de120d"},{"fixed":"1e1c2b86ef86a8477fd9b9a4f48a6bfe235606f6"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50021.json"}}],"schema_version":"1.7.5"}