CVE-2022-50346
📋 TL;DR
A race condition vulnerability in the Linux kernel's ext4 filesystem during rename operations can trigger a kernel warning and potential denial of service. This affects Linux systems using ext4 filesystem with quota support enabled. The issue occurs when renaming files triggers quota initialization failures.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash leading to denial of service, potentially disrupting system availability.
Likely Case
Kernel warning messages in system logs and possible system instability during rename operations.
If Mitigated
Minor performance impact during rename operations with proper quota initialization.
🎯 Exploit Status
Requires local access and ability to perform rename operations on ext4 filesystem with quotas enabled.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with commits: 13271fbbe85d, 135ba9146f4d, 33fd7031d634, 67f6d5a4043f, 7dfb8259f66f
Vendor Advisory: https://git.kernel.org/stable/c/13271fbbe85d73a7c47058f56a52f2a7f00d6e39
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable quota support
LinuxDisable disk quota support on ext4 filesystems to prevent the race condition
tune2fs -Q ^usrquota,^grpquota /dev/device
remount filesystem after changes
🧯 If You Can't Patch
- Disable quota support on critical ext4 filesystems
- Monitor system logs for ext4_xattr_block_set warnings and investigate rename operations
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if ext4 quota is enabled: grep -r quota /etc/fstab && uname -rCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is updated: uname -r and check for warning messages in dmesg related to ext4_xattr_block_set📡 Detection & Monitoring
Log Indicators:
- WARNING messages in dmesg/kernel logs containing 'ext4_xattr_block_set'
- System logs showing ext4 rename operations failing
Network Indicators:
- None - local filesystem issue
SIEM Query:
source="kernel" AND "ext4_xattr_block_set" AND "WARNING"🔗 References
- https://git.kernel.org/stable/c/13271fbbe85d73a7c47058f56a52f2a7f00d6e39
- https://git.kernel.org/stable/c/135ba9146f4d38abed48a540ef8a8770ff0bd34f
- https://git.kernel.org/stable/c/33fd7031d634f3b46e59f61adfbb0ea9fe514fef
- https://git.kernel.org/stable/c/67f6d5a4043f3db0c6bb0e14a0d97a7be8bfb8b5
- https://git.kernel.org/stable/c/7dfb8259f66faafa68d23a261b284d2c2c67649b
- https://git.kernel.org/stable/c/84a2f2ed49d6a4d92b354219077434c57d334620
- https://git.kernel.org/stable/c/def7a39091e60e1c4a2f623629082a00092602be
- https://git.kernel.org/stable/c/f263e349bacc2f303526dcfa61c4bc50132418b1
- https://git.kernel.org/stable/c/fae381a3d79bb94aa2eb752170d47458d778b797
