CVE-2022-49414

4.7 MEDIUM

📋 TL;DR

A race condition vulnerability in the Linux kernel's ext4 filesystem allows concurrent write operations to corrupt filesystem metadata, potentially causing system crashes or data corruption. This affects Linux systems using ext4 filesystem with inline data enabled. Attackers with local access can trigger this condition.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel versions before 5.10.0 with specific backports to stable branches
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires ext4 filesystem with inline data feature enabled. Many distributions enable this by default for small files.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash, filesystem corruption, and potential data loss requiring filesystem repair or restoration from backups.

🟠 Likely Case: System crash or filesystem errors requiring reboot, with possible data corruption in affected files.

🟢 If Mitigated: Minor performance impact from additional locking, but no security or stability issues.

🌐 Internet-Facing: LOW - Requires local access to trigger the race condition.
🏢 Internal Only: MEDIUM - Local users or processes can trigger the condition, potentially causing system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to trigger specific race condition between write and fallocate operations. Not trivial to exploit reliably.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 5.10.0+ with specific commits: 14602353b350, 18881d7e5171, 725e00cb7039, 91f90b571f1a, ccc6639f831b

Vendor Advisory: https://git.kernel.org/stable/c/14602353b350950b551eccc6b46411aa3b12ffe2

Restart Required: Yes

Instructions:

1. Update Linux kernel to version 5.10.0 or later.
2. For older stable branches, apply specific kernel patches.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable ext4 inline data

linux

Disable the inline data feature on ext4 filesystems to prevent the race condition

tune2fs -O ^inline_data /dev/device

🧯 If You Can't Patch

  • Monitor system logs for ext4 filesystem errors and kernel panics
  • Implement strict access controls to limit local user privileges

🔍 How to Verify

Check if Vulnerable:

Check kernel version: uname -r and verify if below 5.10.0. Check if ext4 filesystem has inline_data feature: tune2fs -l /dev/device | grep features

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is 5.10.0 or later: uname -r. Check that kernel includes the fix commits.
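
The two checks above (kernel release below 5.10.0, inline_data in the feature list) combined into one triage helper. This is an added example, not part of the original advisory; the function names and verdict strings are hypothetical, and the tune2fs output is a constructed sample.

```shell
#!/bin/sh
# Added example; function names and verdict strings are hypothetical.

# Exit 0 if RELEASE (uname -r format) predates 5.10.0, 1 if not, 2 if unparsable.
kernel_below_5_10() {
    rel=${1%%-*}                      # 5.4.0-150-generic -> 5.4.0
    case "$rel" in [0-9]*.[0-9]*) ;; *) return 2 ;; esac
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 10 ]; }
}

# Exit 0 if `tune2fs -l` output lists inline_data among the filesystem features.
has_inline_data() {
    printf '%s\n' "$1" | grep -i '^Filesystem features:' | grep -qw 'inline_data'
}

# Print one verdict for a kernel release string and a tune2fs -l dump.
assess() {
    if ! has_inline_data "$2"; then
        echo "inline-data-off"        # precondition named on this page is absent
        return 0
    fi
    rc=0
    kernel_below_5_10 "$1" || rc=$?
    case $rc in
        0) echo "needs-fix-check" ;;  # older than 5.10.0: confirm backported fix commits
        1) echo "version-ok" ;;
        *) echo "unknown-kernel" ;;
    esac
}

# Constructed sample of `tune2fs -l` output (not taken from a real host).
SAMPLE_TUNE2FS='Filesystem volume name:   <none>
Filesystem features:      has_journal ext_attr dir_index extent 64bit inline_data metadata_csum
Filesystem state:         clean'

# On a real host: assess "$(uname -r)" "$(tune2fs -l /dev/device)"
assess "5.4.0-150-generic" "$SAMPLE_TUNE2FS"
assess "5.10.0" "$SAMPLE_TUNE2FS"
```

A "needs-fix-check" verdict is a prompt to look for the fix commits in the distribution's kernel changelog, since stable branches can carry the backported patches under an older version number.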

📡 Detection & Monitoring

Log Indicators:

  • Kernel BUG messages mentioning ext4_mb_generate_buddy
  • EXT4-fs error messages
  • Kernel panic logs related to ext4

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("EXT4-fs error" OR "ext4_mb_generate_buddy" OR "kernel BUG at fs/ext4")
