CVE-2022-50546

7.8 HIGH

📋 TL;DR

CVE-2022-50546 is a Linux kernel vulnerability in the ext4 filesystem in which the 'ext4_evict_inode' function can access uninitialized memory, potentially leading to kernel memory corruption. It affects Linux systems that use the ext4 filesystem. The vulnerability could allow local attackers to cause denial of service or potentially escalate privileges.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using ext4 filesystem
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using ext4 filesystem. The vulnerability occurs during specific inode allocation failure scenarios.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash and denial of service, or potential privilege escalation if the uninitialized memory access can be manipulated to execute arbitrary code.

🟠 Likely Case

System instability, kernel crashes, or denial of service when specific filesystem operations fail during inode allocation.

🟢 If Mitigated

Limited impact with proper access controls preventing local user exploitation, though system crashes could still occur from legitimate operations.

🌐 Internet-Facing: LOW - This is a local filesystem vulnerability requiring local access to exploit.
🏢 Internal Only: MEDIUM - Local users on affected systems could potentially exploit this to cause system instability or privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and specific conditions where inode allocation fails. The vulnerability was discovered through fuzzing (syzbot).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in Linux kernel commits: 091f85db4c3fb1734a6d7fb4777a2b2831da6631, 3c31d8d3ad95aef8cc17a4fcf317e46217148439, 56491d60ddca9c697d885394cb0173675b9ab81f, 7ea71af94eaaaf6d9aed24bc94a05b977a741cb9, 9f966e021c20caae639dd0e404c8761e8281a2c4

Vendor Advisory: https://git.kernel.org/stable/c/091f85db4c3fb1734a6d7fb4777a2b2831da6631

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing the fix commits.
2. Check your distribution's security advisories for specific patched kernel versions.
3. Reboot the system after the kernel update.

🔧 Temporary Workarounds

Use alternative filesystem

Temporarily use a different filesystem (like XFS, Btrfs) instead of ext4 for new partitions

Restrict local user access

Limit non-privileged user access to systems until patched

🧯 If You Can't Patch

  • Implement strict access controls to limit local user accounts
  • Monitor system logs for kernel panics or filesystem errors and have incident response procedures ready

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether ext4 is in use: 'uname -r' and 'cat /proc/filesystems | grep ext4'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to one containing the fix commits. Check distribution security advisories for specific patched versions.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • Filesystem error messages in dmesg or syslog
  • System crashes during filesystem operations

SIEM Query:

source="kernel" AND ("panic" OR "BUG" OR "KMSAN" OR "uninit-value")
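
The ext4 check and the SIEM terms above, combined into a local shell triage (an added example, not part of the original advisory). It reads the mount table because /proc/filesystems only shows that the ext4 driver is registered, not that an ext4 volume is mounted; the function names and all sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names and all sample data are constructed.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

# Constructed mount table in /proc/mounts format.
cat > "$SAMPLE_DIR/mounts" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sdb1 /data xfs rw,relatime 0 0
/dev/sdc1 /var/lib/app ext4 rw,noatime 0 0
EOF

# Constructed kernel log lines (offsets are placeholders).
cat > "$SAMPLE_DIR/kern.log" <<'EOF'
[  101.000001] EXT4-fs (sda1): mounted filesystem with ordered data mode
[  245.310442] BUG: KMSAN: uninit-value in ext4_evict_inode+0x0/0x0
[  245.310501] Kernel panic - not syncing: panic_on_warn set ...
[  300.000000] usb 1-1: new high-speed USB device number 2 using xhci_hcd
EOF

# Mount points of ext4 volumes actually in use (field 3 is the fs type).
ext4_mounts() {
    awk '$3 == "ext4" { print $2 }' "${1:-/proc/mounts}"
}

# Lines matching the SIEM terms; case-sensitive so "BUG" does not hit "debug".
kernel_hits() {
    awk '/panic|BUG|KMSAN|uninit-value/ { n++ } END { print n + 0 }' "$1"
}

# Subset of those lines that name the function from the advisory.
evict_inode_hits() {
    awk '/panic|BUG|KMSAN|uninit-value/ && /ext4_evict_inode/ { n++ } END { print n + 0 }' "$1"
}

# Combine both checks into one verdict string for a fleet report.
triage() {
    if [ -z "$(ext4_mounts "$1")" ]; then
        echo "no-ext4-mounted"
    elif [ "$(evict_inode_hits "$2")" -gt 0 ]; then
        echo "ext4-mounted+evict-inode-report"
    else
        echo "ext4-mounted"
    fi
}

echo "ext4 mount points: $(ext4_mounts "$SAMPLE_DIR/mounts" | tr '\n' ' ')"
echo "kernel hits: $(kernel_hits "$SAMPLE_DIR/kern.log")"
echo "verdict: $(triage "$SAMPLE_DIR/mounts" "$SAMPLE_DIR/kern.log")"
```

On a live host, call ext4_mounts with no argument to read /proc/mounts, and point the log functions at a saved dmesg or journal export.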
