Input validation error in Linux kernel f2fs



Updated: 2025-05-11
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2022-49363
CWE-ID: CWE-20
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Input validation error

EUVDB-ID: #VU104714

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49363

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the f2fs_do_zero_range() function in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: 5.15 - 5.15.45

External links

https://git.kernel.org/stable/c/25f8236213a91efdf708b9d77e9e51b6fc3e141c
https://git.kernel.org/stable/c/470493be19a5730ed432e3ac0f29a2ee7fc6c557
https://git.kernel.org/stable/c/7361c9f2bd6a8f0cbb41cdea9aff04765ff23f67
https://git.kernel.org/stable/c/805b48b234a2803cb7daec7f158af12f0fbaefac
https://git.kernel.org/stable/c/a34d7b49894b0533222188a52e2958750f830efd
https://git.kernel.org/stable/c/f2e1c38b5ac64eb1a16a89c52fb419409d12c25b
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.46


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
