{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "5afd80c393f4e87451f14eefb7f2f24daf434e06"
            },
            {
              "fixed": "07cacfd9d9dc134557ac8866c73d570a59b3d1f3"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "f0bfa76a11e93d0fe2c896fcb566568c5e8b5d3f"
            },
            {
              "fixed": "a04d37ddfe4be431b9e52e8504490376ab0a39a4"
            },
            {
              "fixed": "6d82ad13c4110e73c7b0392f00534a1502a1b520"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "96f1be29492d9e2fb97bb27f824478ab8cd3ab86"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49068.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: release correct delalloc amount in direct IO write path\n\nRunning generic/406 causes the following WARNING in btrfs_destroy_inode()\nwhich tells there are outstanding extents left.\n\nIn btrfs_get_blocks_direct_write(), we reserve a temporary outstanding\nextents with btrfs_delalloc_reserve_metadata() (or indirectly from\nbtrfs_delalloc_reserve_space(()). We then release the outstanding extents\nwith btrfs_delalloc_release_extents(). However, the \"len\" can be modified\nin the COW case, which releases fewer outstanding extents than expected.\n\nFix it by calling btrfs_delalloc_release_extents() for the original length.\n\nTo reproduce the warning, the filesystem should be 1 GiB.  It's\ntriggering a short-write, due to not being able to allocate a large\nextent and instead allocating a smaller one.\n\n  WARNING: CPU: 0 PID: 757 at fs/btrfs/inode.c:8848 btrfs_destroy_inode+0x1e6/0x210 [btrfs]\n  Modules linked in: btrfs blake2b_generic xor lzo_compress\n  lzo_decompress raid6_pq zstd zstd_decompress zstd_compress xxhash zram\n  zsmalloc\n  CPU: 0 PID: 757 Comm: umount Not tainted 5.17.0-rc8+ #101\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS d55cb5a 04/01/2014\n  RIP: 0010:btrfs_destroy_inode+0x1e6/0x210 [btrfs]\n  RSP: 0018:ffffc9000327bda8 EFLAGS: 00010206\n  RAX: 0000000000000000 RBX: ffff888100548b78 RCX: 0000000000000000\n  RDX: 0000000000026900 RSI: 0000000000000000 RDI: ffff888100548b78\n  RBP: ffff888100548940 R08: 0000000000000000 R09: ffff88810b48aba8\n  R10: 0000000000000001 R11: ffff8881004eb240 R12: ffff88810b48a800\n  R13: ffff88810b48ec08 R14: ffff88810b48ed00 R15: ffff888100490c68\n  FS:  00007f8549ea0b80(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f854a09e733 CR3: 000000010a2e9003 CR4: 0000000000370eb0\n  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  Call Trace:\n   \u003cTASK\u003e\n   destroy_inode+0x33/0x70\n   dispose_list+0x43/0x60\n   evict_inodes+0x161/0x1b0\n   generic_shutdown_super+0x2d/0x110\n   kill_anon_super+0xf/0x20\n   btrfs_kill_super+0xd/0x20 [btrfs]\n   deactivate_locked_super+0x27/0x90\n   cleanup_mnt+0x12c/0x180\n   task_work_run+0x54/0x80\n   exit_to_user_mode_prepare+0x152/0x160\n   syscall_exit_to_user_mode+0x12/0x30\n   do_syscall_64+0x42/0x80\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n   RIP: 0033:0x7f854a000fb7",
  "id": "CVE-2022-49068",
  "modified": "2026-04-01T23:09:25.536768368Z",
  "published": "2025-02-26T01:54:35.340Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/07cacfd9d9dc134557ac8866c73d570a59b3d1f3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6d82ad13c4110e73c7b0392f00534a1502a1b520"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a04d37ddfe4be431b9e52e8504490376ab0a39a4"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49068.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49068"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.3",
  "summary": "btrfs: release correct delalloc amount in direct IO write path"
}