Ubuntu: (CVE-2022-49167): linux vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | Feb 26, 2025 | Jun 26, 2025 | Oct 23, 2025 |
Description
In the Linux kernel, the following vulnerability has been resolved:
btrfs: do not double complete bio on errors during compressed reads
I hit some weird panics while fixing up the error handling from
btrfs_lookup_bio_sums(). Turns out the compression path will complete
the bio we use if we set up any of the compression bios and then return
an error, and then btrfs_submit_data_bio() will also call bio_endio() on
the bio.
Fix this by making btrfs_submit_compressed_read() responsible for
calling bio_endio() on the bio if there are any errors. Currently it
was only doing it if we created the compression bios, otherwise it was
depending on btrfs_submit_data_bio() to do the right thing. This
creates the above problem, so fix up btrfs_submit_compressed_read() to
always call bio_endio() in case of an error, and then simply return from
btrfs_submit_data_bio() if we had to call
btrfs_submit_compressed_read().
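The completion-ownership rule described in the commit message above, as a simplified user-space model added here (it is not the kernel patch and not code from this page). `model_bio`, `model_endio`, `read_before`, `read_after` and `completions_on_error` are hypothetical stand-ins, and only the error path is modelled.

```c
#include <stdio.h>

/* Simplified user-space model of the error path only. All names are
 * hypothetical stand-ins, not kernel code. */
struct model_bio {
    int completions;            /* times the completion handler ran */
};

/* Stand-in for bio_endio(): must run exactly once per bio. */
static void model_endio(struct model_bio *bio)
{
    bio->completions++;
}

/* Callee before the fix: completes the bio on error only when it had
 * already set up compression bios. */
static int read_before(struct model_bio *bio, int setup_done)
{
    if (setup_done)
        model_endio(bio);
    return -5;                  /* constructed error value */
}

/* Callee after the fix: always completes the bio on error. */
static int read_after(struct model_bio *bio)
{
    model_endio(bio);
    return -5;                  /* constructed error value */
}

/* Caller: returns how many times the bio was completed on a failed read. */
static int completions_on_error(int fixed, int setup_done)
{
    struct model_bio bio = { 0 };
    if (fixed) {
        read_after(&bio);       /* callee owns completion; caller just returns */
        return bio.completions;
    }
    if (read_before(&bio, setup_done))
        model_endio(&bio);      /* second completion if callee already did one */
    return bio.completions;
}

int main(void)
{
    for (int s = 0; s <= 1; s++)
        printf("setup_done=%d before=%d after=%d\n", s,
               completions_on_error(0, s), completions_on_error(1, s));
    return 0;
}
```

A count of 2 in the "before" column is the double completion; the fixed path yields exactly one completion in both cases.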
Solution
References
- CVE-2022-49167
- https://attackerkb.com/topics/CVE-2022-49167
- https://git.kernel.org/linus/f9f15de85d74e7eef021af059ca53a15f041cdd8
- https://git.kernel.org/stable/c/4a4ceb2b990771c374d85d496a1a45255dde48e3
- https://git.kernel.org/stable/c/987b5df1d10355d377315a26e7fb6c72ded83c9f
- https://git.kernel.org/stable/c/f9f15de85d74e7eef021af059ca53a15f041cdd8
- https://www.cve.org/CVERecord?id=CVE-2022-49167