CVE & CISA-KEV Catalog

CVE-2022-49318

MEDIUM
5.5
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: f2fs: remove WARN_ON in f2fs_is_valid_blkaddr Syzbot triggers two WARNs in f2fs_is_valid_blkaddr and __is_bitmap_valid. For example, in f2fs_is_valid_blkaddr, if type is DATA_GENERIC_ENHANCE or DATA_GENERIC_ENHANCE_READ, it invokes WARN_ON if blkaddr is not in the right range. The call trace is as follows: f2fs_get_node_info+0x45f/0x1070 read_node_page+0x577/0x1190 __get_node_page.part.0+0x9e/0x10e0 __get_node_page f2fs_get_node_page+0x109/0x180 do_read_inode f2fs_iget+0x2a5/0x58b0 f2fs_fill_super+0x3b39/0x7ca0 Fix these two WARNs by replacing WARN_ON with dump_stack.

How to fix

Remediation Available
linuxDebian
Fixed in:5.10.127-1CVE-2022-49318
Fixed in:5.18.5-1CVE-2022-49318
Fixed in:5.18.5-1CVE-2022-49318
Fixed in:5.18.5-1CVE-2022-49318

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.25%probability of exploitation in 30 days
16thpercentile

Low risk: more likely to be exploited than 16% of all known CVEs.

References

Embed a live status badge for CVE-2022-49318
CVE-2022-49318 severity badge

Markdown

[![CVE-2022-49318](https://tridentstack.com/cve/badge/CVE-2022-49318.svg)](https://tridentstack.com/cve/CVE-2022-49318)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-49318"><img src="https://tridentstack.com/cve/badge/CVE-2022-49318.svg" alt="CVE-2022-49318"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-10-01.