NULL pointer dereference in Linux kernel f2fs



Updated: 2025-05-11
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2022-49282
CWE-ID: CWE-476
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) NULL pointer dereference

EUVDB-ID: #VU104550

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49282

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the f2fs_quota_sync() function in fs/f2fs/super.c. A local user can trigger it to perform a denial of service (DoS) attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: 5.15 - 5.15.32
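
To triage hosts against the range above, the following added example (not part of the bulletin or of the kernel project) compares a kernel release string with 5.15 - 5.15.32 and checks whether any f2fs filesystem is mounted. The function names and result strings are illustrative, and prioritising hosts with an f2fs mount is a triage assumption based on the affected function living in fs/f2fs/super.c.

```shell
#!/bin/sh
# Added example (not from the bulletin): exposure triage for CVE-2022-49282.
# Range comes from the bulletin: Linux kernel 5.15 - 5.15.32.
# Function names are illustrative. Distribution kernels may carry the fix
# under an older version string, so treat "in range" as a prompt to check
# the vendor's package changelog, not as proof.

# Return 0 if the release string (e.g. from `uname -r`) is 5.15 - 5.15.32.
kernel_in_range() {
    v=${1%%[!0-9.]*}              # 5.15.0-91-generic -> 5.15.0
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    patch=0                       # a bare "5.15" means patch level 0
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
    esac
    for n in "$major" "$minor" "$patch"; do
        case $n in ''|*[!0-9]*) return 2 ;; esac   # malformed input
    done
    [ "$major" -eq 5 ] && [ "$minor" -eq 15 ] && [ "$patch" -le 32 ]
}

# Return 0 if any f2fs filesystem is listed in the mounts table.
f2fs_mounted() {
    m=${1:-/proc/mounts}
    [ -r "$m" ] || return 1
    awk '$3 == "f2fs" { found = 1 } END { exit !found }' "$m"
}

# Print one of: not-in-range, in-range-no-f2fs, in-range-f2fs-mounted.
# Arguments are optional and default to the running host.
assess() {
    a_rel=${1:-$(uname -r)}
    a_mounts=${2:-/proc/mounts}
    if ! kernel_in_range "$a_rel"; then
        echo "not-in-range"
    elif f2fs_mounted "$a_mounts"; then
        echo "in-range-f2fs-mounted"
    else
        echo "in-range-no-f2fs"
    fi
}

assess "$@"
```

Run without arguments it reports on the current host; pass a release string and a saved copy of a mounts table to assess another system offline.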

External links

https://git.kernel.org/stable/c/680af5b824a52faa819167628665804a14f0e0df
https://git.kernel.org/stable/c/724469814d805820cd37ea789769dba94123ff1a
https://git.kernel.org/stable/c/e58ee6bd939b773675240f5d0f5b88a367c037c4
https://git.kernel.org/stable/c/e9ebf1e8fc50b6a9336f9aea1082d7845e568d0e
https://git.kernel.org/stable/c/f1d5946d47c0827bae39e1537959ce8d6f0224c5
https://git.kernel.org/stable/c/f9156db0987f1b426015d56505e2c58dee70c90d
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.33


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


