{"id":"CVE-2022-50377","details":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: check and assert if marking an no_delete evicting inode dirty\n\nIn ext4_evict_inode(), if we evicting an inode in the 'no_delete' path,\nit cannot be raced by another mark_inode_dirty(). If it happens,\nsomeone else may accidentally dirty it without holding inode refcount\nand probably cause use-after-free issues in the writeback procedure.\nIt's indiscoverable and hard to debug, so add an WARN_ON_ONCE() to\ncheck and detect this issue in advance.","modified":"2025-09-19T08:50:47.790370Z","published":"2025-09-18T14:15:36Z","withdrawn":"2025-09-19T21:57:03.564128Z","references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0c026f975d24701766cf4ac63995ead9f6d57a59"},{"type":"WEB","url":"https://git.kernel.org/stable/c/318cdc822c63b6e2befcfdc2088378ae6fa18def"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9020f56a3cad1c97b81c7dab2aa67027b59c8f73"},{"type":"WEB","url":"https://git.kernel.org/stable/c/91009e361e8cb2cbd1dc9496cb5fb4f8de3f4b11"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f1ec687ebd1bf146333955b7e209d21508c3ba9f"},{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2022-50377"}],"affected":[{"package":{"name":"linux","ecosystem":"Debian:11","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.178-1"}]}],"versions":["5.10.103-1","5.10.103-1~bpo10+1","5.10.106-1","5.10.113-1","5.10.120-1","5.10.120-1~bpo10+1","5.10.127-1","5.10.127-2","5.10.127-2~bpo10+1","5.10.136-1","5.10.140-1","5.10.148-1","5.10.149-1","5.10.149-2","5.10.158-1","5.10.158-2","5.10.162-1","5.10.46-4","5.10.46-5","5.10.70-1","5.10.70-1~bpo10+1","5.10.84-1","5.10.92-1","5.10.92-1~bpo10+1","5.10.92-2"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50377.json"}},{"package":{"name":"linux","ecosystem":"Debian:12","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.1.4-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50377.json"}},{"package":{"name":"linux","ecosystem":"Debian:13","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.1.4-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50377.json"}},{"package":{"name":"linux","ecosystem":"Debian:14","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.1.4-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50377.json"}}],"schema_version":"1.7.3"}