CVE-2022-50300

HIGH

Linux Kernel 4.15-<5.15.87, 5.16.0-<6.0.18, 6.1.0-<6.1.4 - Use-After-Free in Btrfs Extent Map Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix extent map use-after-free when handling missing device in read_one_chunk Store the error code before freeing the extent_map. Though it's reference counted structure, in that function it's the first and last allocation so this would lead to a potential use-after-free. The error can happen eg. when chunk is stored on a missing device and the degraded mount option is missing. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=216721

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/b8e7ed42bc3ca0d0e4191ee394d34962d3624c22

Patch

https://git.kernel.org/stable/c/fce3713197ebba239e1c7e02174ed216ea1ee014

Patch

https://git.kernel.org/stable/c/169a4cf46882974d4db6d85eb623ec898e51bbc0

Patch

https://git.kernel.org/stable/c/1742e1c90c3da344f3bb9b1f1309b3f47482756a

Scores

CVSS v3 7.8

EPSS 0.0015

EPSS Percentile 4.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (14)

linux/Kernel 4.15.0 - 5.15.87linux

linux/Kernel 5.16.0 - 6.0.18linux

linux/Kernel 6.1.0 - 6.1.4linux

Linux/Linux < 4.15

Linux/Linux 4.15

Linux/Linux 5.15.87 - 5.15.*

Linux/Linux 6.0.18 - 6.0.*

Linux/Linux 6.1.4 - 6.1.*

Linux/Linux 6.2

Linux/Linux adfb69af7d8cb6a3958f75aad1ef4bc96891d116 - 169a4cf46882974d4db6d85eb623ec898e51bbc0

... and 4 more

Published Sep 15, 2025

Tracked Since Feb 18, 2026