CVE & CISA-KEV Catalog

CVE-2022-49167

MEDIUM
5.5
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not double complete bio on errors during compressed reads I hit some weird panics while fixing up the error handling from btrfs_lookup_bio_sums(). Turns out the compression path will complete the bio we use if we set up any of the compression bios and then return an error, and then btrfs_submit_data_bio() will also call bio_endio() on the bio. Fix this by making btrfs_submit_compressed_read() responsible for calling bio_endio() on the bio if there are any errors. Currently it was only doing it if we created the compression bios, otherwise it was depending on btrfs_submit_data_bio() to do the right thing. This creates the above problem, so fix up btrfs_submit_compressed_read() to always call bio_endio() in case of an error, and then simply return from btrfs_submit_data_bio() if we had to call btrfs_submit_compressed_read().

How to fix

Remediation Available
linuxDebian
Fixed in:5.17.3-1CVE-2022-49167
Fixed in:5.17.3-1CVE-2022-49167
Fixed in:5.17.3-1CVE-2022-49167

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.24%probability of exploitation in 30 days
15thpercentile

Low risk: more likely to be exploited than 15% of all known CVEs.

References

Embed a live status badge for CVE-2022-49167
CVE-2022-49167 severity badge

Markdown

[![CVE-2022-49167](https://tridentstack.com/cve/badge/CVE-2022-49167.svg)](https://tridentstack.com/cve/CVE-2022-49167)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-49167"><img src="https://tridentstack.com/cve/badge/CVE-2022-49167.svg" alt="CVE-2022-49167"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-10-21.