Unrated severityNVD Advisory· Published Feb 26, 2025· Updated Jun 19, 2025

ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state

CVE-2022-49348

Description

In the Linux kernel, the following vulnerability has been resolved:

The EXT4_FC_REPLAY bit in sbi->s_mount_state is used to indicate that we are in the middle of replay the fast commit journal. This was actually a mistake, since the sbi->s_mount_info is initialized from es->s_state. Arguably s_mount_state is misleadingly named, but the name is historical --- s_mount_state and s_state dates back to ext2.

What should have been used is the ext4_{set,clear,test}_mount_flag() inline functions, which sets EXT4_MF_* bits in sbi->s_mount_flags.

The problem with using EXT4_FC_REPLAY is that a maliciously corrupted superblock could result in EXT4_FC_REPLAY getting set in s_mount_state. This bypasses some sanity checks, and this can trigger a BUG() in ext4_es_cache_extent(). As a easy-to-backport-fix, filter out the EXT4_FC_REPLAY bit for now. We should eventually transition away from EXT4_FC_REPLAY to something like EXT4_MF_REPLAY.

Affected products

Linux/Kernelllm-fuzzy
osv-coords83 versions
pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Manager%20Server%204.3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP4 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/kernel-default&distro=SUSE%20Manager%20Server%204.3 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 pkg:rpm/suse/kernel-livepatch-SLE15-SP4_Update_38&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4 pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_25&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/kernel-source&distro=SUSE%20Manager%20Server%204.3 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/kernel-syms&distro=SUSE%20Manager%20Server%204.3 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Manager%20Server%204.3
< 5.14.21-150400.24.158.1+ 82 more
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150400.24.158.1.150400.24.78.1
- (no CPE)range: < 5.14.21-150400.24.158.1.150400.24.78.1
- (no CPE)range: < 5.14.21-150500.55.100.1.150500.6.47.1
- (no CPE)range: < 5.14.21-150500.55.100.1.150500.6.47.1
- (no CPE)range: < 5.14.21-150400.24.158.1.150400.24.78.1
- (no CPE)range: < 5.14.21-150400.24.158.1.150400.24.78.1
- (no CPE)range: < 5.14.21-150500.55.100.1.150500.6.47.1
- (no CPE)range: < 5.14.21-150400.24.158.1.150400.24.78.1
- (no CPE)range: < 5.14.21-150500.55.100.1.150500.6.47.1
- (no CPE)range: < 5.14.21-150400.24.158.1.150400.24.78.1
- (no CPE)range: < 5.14.21-150500.55.100.1.150500.6.47.1
- (no CPE)range: < 5.14.21-150400.24.158.1.150400.24.78.1
- (no CPE)range: < 5.14.21-150400.24.158.1.150400.24.78.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 1-150400.9.3.1
- (no CPE)range: < 1-150500.11.3.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150400.15.115.1
- (no CPE)range: < 5.14.21-150400.15.115.1
- (no CPE)range: < 5.14.21-150500.13.91.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150400.15.115.1
- (no CPE)range: < 5.14.21-150400.15.115.1
- (no CPE)range: < 5.14.21-150500.13.91.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150400.24.158.1
- (no CPE)range: < 5.14.21-150500.55.100.1
- (no CPE)range: < 5.14.21-150400.24.158.1
Linux/Linuxcpe-rescue
Range: 5.10

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000