{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "98e4da8ca301e062d79ae168c67e56f3c3de3ce4"
            },
            {
              "fixed": "7361c9f2bd6a8f0cbb41cdea9aff04765ff23f67"
            },
            {
              "fixed": "a34d7b49894b0533222188a52e2958750f830efd"
            },
            {
              "fixed": "f2e1c38b5ac64eb1a16a89c52fb419409d12c25b"
            },
            {
              "fixed": "470493be19a5730ed432e3ac0f29a2ee7fc6c557"
            },
            {
              "fixed": "805b48b234a2803cb7daec7f158af12f0fbaefac"
            },
            {
              "fixed": "25f8236213a91efdf708b9d77e9e51b6fc3e141c"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49363.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on block address in f2fs_do_zero_range()\n\nAs Yanming reported in bugzilla:\n\nhttps://bugzilla.kernel.org/show_bug.cgi?id=215894\n\nI have encountered a bug in F2FS file system in kernel v5.17.\n\nI have uploaded the system call sequence as case.c, and a fuzzed image can\nbe found in google net disk\n\nThe kernel should enable CONFIG_KASAN=y and CONFIG_KASAN_INLINE=y. You can\nreproduce the bug by running the following commands:\n\nkernel BUG at fs/f2fs/segment.c:2291!\nCall Trace:\n f2fs_invalidate_blocks+0x193/0x2d0\n f2fs_fallocate+0x2593/0x4a70\n vfs_fallocate+0x2a5/0xac0\n ksys_fallocate+0x35/0x70\n __x64_sys_fallocate+0x8e/0xf0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe root cause is, after image was fuzzed, block mapping info in inode\nwill be inconsistent with SIT table, so in f2fs_fallocate(), it will cause\npanic when updating SIT with invalid blkaddr.\n\nLet's fix the issue by adding sanity check on block address before updating\nSIT table with it.",
  "id": "CVE-2022-49363",
  "modified": "2026-04-01T23:08:15.276708912Z",
  "published": "2025-02-26T02:11:09.817Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/25f8236213a91efdf708b9d77e9e51b6fc3e141c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/470493be19a5730ed432e3ac0f29a2ee7fc6c557"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7361c9f2bd6a8f0cbb41cdea9aff04765ff23f67"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/805b48b234a2803cb7daec7f158af12f0fbaefac"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a34d7b49894b0533222188a52e2958750f830efd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f2e1c38b5ac64eb1a16a89c52fb419409d12c25b"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49363.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49363"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.3",
  "summary": "f2fs: fix to do sanity check on block address in f2fs_do_zero_range()"
}