{"id":"CVE-2022-49425","summary":"f2fs: fix dereference of stale list iterator after loop body","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix dereference of stale list iterator after loop body\n\nThe list iterator variable will be a bogus pointer if no break was hit.\nDereferencing it (cur-\u003epage in this case) could load an out-of-bounds/undefined\nvalue making it unsafe to use that in the comparison to determine if the\nspecific element was found.\n\nSince 'cur-\u003epage' *can* be out-of-bounds it cannot be guaranteed that\nby chance (or intention of an attacker) it matches the value of 'page'\neven though the correct element was not found.\n\nThis is fixed by using a separate list iterator variable for the loop\nand only setting the original variable if a suitable element was found.\nThen determining if the element was found is simply checking if the\nvariable is set.","modified":"2026-03-20T12:22:25.482179Z","published":"2025-02-26T02:12:46.702Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49425.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/2aaf51dd39afb6d01d13f1e6fe20b684733b37d5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/385edd3ce5b4b1e9d31f474a5e35a39779ec1110"},{"type":"WEB","url":"https://git.kernel.org/stable/c/45b2b7d7108ae1e25a5036cab04ab9273e792332"},{"type":"WEB","url":"https://git.kernel.org/stable/c/51d584704d18e60fa473823654f35611c777b291"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5e47a7add3dda7f236548c5ec3017776dc2a729f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b26e1c777890e4b938136deb8ec07a29f33862e4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ed7efc472c00986dcd6903ab6ed165c7fa167674"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49425.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49425"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8c242db9b8c01b252290e23827163787f07e01d1"},{"fixed":"385edd3ce5b4b1e9d31f474a5e35a39779ec1110"},{"fixed":"5e47a7add3dda7f236548c5ec3017776dc2a729f"},{"fixed":"51d584704d18e60fa473823654f35611c777b291"},{"fixed":"45b2b7d7108ae1e25a5036cab04ab9273e792332"},{"fixed":"b26e1c777890e4b938136deb8ec07a29f33862e4"},{"fixed":"ed7efc472c00986dcd6903ab6ed165c7fa167674"},{"fixed":"2aaf51dd39afb6d01d13f1e6fe20b684733b37d5"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49425.json"}}],"schema_version":"1.7.5"}