VYPR
Unrated severity · NVD Advisory · Published Dec 8, 2025 · Updated Apr 15, 2026

CVE-2022-50620

Description

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to invalidate dcc->f2fs_issue_discard in error path

Syzbot reports a NULL pointer dereference issue as below:

__refcount_add include/linux/refcount.h:193 [inline]
__refcount_inc include/linux/refcount.h:250 [inline]
refcount_inc include/linux/refcount.h:267 [inline]
get_task_struct include/linux/sched/task.h:110 [inline]
kthread_stop+0x34/0x1c0 kernel/kthread.c:703
f2fs_stop_discard_thread+0x3c/0x5c fs/f2fs/segment.c:1638
kill_f2fs_super+0x5c/0x194 fs/f2fs/super.c:4522
deactivate_locked_super+0x70/0xe8 fs/super.c:332
deactivate_super+0xd0/0xd4 fs/super.c:363
cleanup_mnt+0x1f8/0x234 fs/namespace.c:1186
__cleanup_mnt+0x20/0x30 fs/namespace.c:1193
task_work_run+0xc4/0x14c kernel/task_work.c:177
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0x26c/0xbe0 kernel/exit.c:795
do_group_exit+0x60/0xe8 kernel/exit.c:925
__do_sys_exit_group kernel/exit.c:936 [inline]
__se_sys_exit_group kernel/exit.c:934 [inline]
__wake_up_parent+0x0/0x40 kernel/exit.c:934
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581

The root cause of this issue is in the error path of f2fs_start_discard_thread(): it failed to invalidate dcc->f2fs_issue_discard, so a later kthread_stop() may access an invalid pointer.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Improper error handling in the Linux kernel F2FS discard thread initialization can lead to a NULL pointer dereference via kthread_stop() on an invalid task pointer.

Overview

CVE-2022-50620 is a vulnerability in the Linux kernel's F2FS (Flash-Friendly File System) implementation. The issue lies in the f2fs_start_discard_thread() function, which initializes a kernel thread responsible for issuing discard commands to the block device. In the error path of this function, the code failed to set the dcc->f2fs_issue_discard pointer to NULL after a thread creation failure. This left the pointer dangling, referencing an invalid task_struct.

Exploitation and Attack Surface

An attacker with local access to the system could trigger this condition by mounting a crafted F2FS filesystem that forces the discard thread initialization to fail. The vulnerability does not require any special permissions beyond the ability to mount a filesystem. When the filesystem is subsequently unmounted, f2fs_stop_discard_thread() calls kthread_stop() on the invalid pointer, leading to a NULL pointer dereference. This results in a kernel crash (denial of service). The bug was discovered through syzbot, indicating it is reachable via fuzzing and can be triggered reliably.

Impact

The primary impact is a denial of service (DoS) via system crash. The commit log shows a NULL pointer dereference in refcount_inc when kthread_stop tries to get the task structure. There is no evidence in the references or description that this vulnerability leads to privilege escalation or remote code execution. Unprivileged local users could crash the system, making this a moderate severity issue.

Mitigation

A patch has been committed to the Linux kernel stable tree that correctly invalidates dcc->f2fs_issue_discard in the error path of f2fs_start_discard_thread(). The fix is identified by commit 91586ce0d39a05f88795aa8814fb99b1387236b3 [1]. Users should apply this patch or update to a kernel version containing the fix. No workarounds are documented.
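The failure described in the Overview and fixed as described under Mitigation, as a constructed user-space model added here (not kernel code and not taken from the fix commit): kthread_run() returns a non-NULL ERR_PTR on failure, so a stop routine that only tests the pointer for NULL hands the stale value to kthread_stop(); the fixed start variant clears the pointer in its error path. The *_stub functions and struct task are stand-ins for the kernel's own, and where the real kthread_stop() would fault in get_task_struct() the stub returns -EFAULT.

```c
/* Constructed user-space model of the f2fs discard-thread lifecycle; not kernel code */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#define MAX_ERRNO 4095                                   /* these three mirror include/linux/err.h */
#define ERR_PTR(e) ((void *)(intptr_t)(e))
#define PTR_ERR(p) ((long)(intptr_t)(p))
#define IS_ERR(p)  ((uintptr_t)(p) >= (uintptr_t)-MAX_ERRNO)
struct task { int stopped; };                            /* stand-in for task_struct */
struct discard_cmd_control { struct task *f2fs_issue_discard; };
static struct task worker;
static int fail_kthread_run;                             /* set to emulate a mount-time failure */
/* kthread_run() stand-in: on failure the kernel returns an ERR_PTR, which is non-NULL */
static struct task *kthread_run_stub(void) {
    return fail_kthread_run ? (struct task *)ERR_PTR(-ENOMEM) : &worker;
}
/* kthread_stop() stand-in: the real one calls get_task_struct() and faults on an invalid task */
static int kthread_stop_stub(struct task *t) {
    if (!t || IS_ERR(t)) return -EFAULT;                 /* the kernel would crash here */
    t->stopped = 1;
    return 0;
}
/* before the fix: the error path leaves the ERR_PTR value in dcc->f2fs_issue_discard */
static int start_discard_thread_vulnerable(struct discard_cmd_control *dcc) {
    dcc->f2fs_issue_discard = kthread_run_stub();
    return IS_ERR(dcc->f2fs_issue_discard) ? (int)PTR_ERR(dcc->f2fs_issue_discard) : 0;
}
/* after the fix: invalidate the pointer so the stop path skips it */
static int start_discard_thread_fixed(struct discard_cmd_control *dcc) {
    dcc->f2fs_issue_discard = kthread_run_stub();
    if (!IS_ERR(dcc->f2fs_issue_discard)) return 0;
    int err = (int)PTR_ERR(dcc->f2fs_issue_discard);
    dcc->f2fs_issue_discard = NULL;
    return err;
}
/* mirrors f2fs_stop_discard_thread(): any non-NULL pointer is treated as a live thread */
static int stop_discard_thread(struct discard_cmd_control *dcc) {
    struct task *t = dcc->f2fs_issue_discard;
    if (!t) return 0;
    dcc->f2fs_issue_discard = NULL;
    return kthread_stop_stub(t);
}
/* mount with thread creation failing, then unmount; returns the stop-path result */
static int failed_mount_then_unmount(int (*start)(struct discard_cmd_control *)) {
    struct discard_cmd_control dcc = { .f2fs_issue_discard = NULL };
    fail_kthread_run = 1;
    (void)start(&dcc);                                   /* both variants return -ENOMEM */
    fail_kthread_run = 0;
    return stop_discard_thread(&dcc);
}
```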

References

[1] https://git.kernel.org/stable/c/91586ce0d39a05f88795aa8814fb99b1387236b3

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products (2)

  • Linux/Kernel (inferred; 2 versions, no CPE)

Patches: 4

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 4

News mentions: 0. No linked articles in our index yet.