CVE-2022-49738
Published: 27 March 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2022-49738 is a slab-out-of-bounds read vulnerability in the Linux kernel's f2fs filesystem implementation. The issue arises in the is_alive() function within the garbage collection code (gc_data_segment), where a missing sanity check on the i_extra_isize field leads to invalid memory access via the offset_in_addr and data_blkaddr macros. It was detected by syzbot during kernel writeback operations on a tainted 6.1.0-rc4 kernel, with KASAN reporting a read of 4 bytes at an invalid slab address.
A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction (UI:N) over a local attack vector (AV:L). Successful exploitation triggers the out-of-bounds read during f2fs garbage collection, potentially allowing high confidentiality impact through kernel memory disclosure (C:H) and high availability impact via system crash or denial of service (A:H), with no integrity impact (I:N). The CVSS v3.1 base score is 7.1, mapped to CWE-125 (Out-of-bounds Read).
Mitigation involves applying upstream patches from the provided stable kernel commit references, which add the necessary sanity check on i_extra_isize in the affected code path. Key commits include 5b25035fb888cb2f78bf0b9c9f95b1dc54480d36, 914e38f02a490dafd980ff0f39cccedc074deb29, 97ccfffcc061e54ce87e4a51a40e2e9cb0b7076a, d3b7b4afd6b2c344eabf9cc26b8bfa903c164c7c, and e5142a4935c1f15841d06047b8130078fc4d7b8f, backported to relevant stable branches.
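As an added illustration (not the kernel's code or the patch itself), the C model below shows how an unchecked i_extra_isize drives the offset_in_addr/data_blkaddr index past the inode's block address array, beside the bounds check the fix adds before the lookup. The struct, the flag bit and the demo function are simplified assumptions; only the two layout limits mirror f2fs's own constants.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* Limits mirror f2fs (DEF_ADDRS_PER_INODE, F2FS_TOTAL_EXTRA_ATTR_SIZE); the rest is a model. */
#define ADDRS_PER_INODE       923
#define TOTAL_EXTRA_ATTR_SIZE 36
#define MODEL_HAS_EXTRA_ATTR  0x1

struct model_inode {
    uint32_t i_inline;                /* inline flags, read from disk */
    uint16_t i_extra_isize;           /* bytes of extra fields at the head of i_addr, read from disk */
    uint32_t i_addr[ADDRS_PER_INODE]; /* block address array; slab-backed in the kernel */
};

/* Mirrors offset_in_addr(): extra fields occupy the first slots of i_addr. */
static size_t offset_in_addr(const struct model_inode *ri)
{
    return (ri->i_inline & MODEL_HAS_EXTRA_ATTR) ? ri->i_extra_isize / sizeof(uint32_t) : 0;
}

/* Pre-fix: data_blkaddr() indexes i_addr here unchecked, so a corrupt i_extra_isize reads past the array. */
size_t unchecked_index(const struct model_inode *ri, unsigned int ofs)
{
    return offset_in_addr(ri) + ofs;
}

/* The sanity check the fix adds: extra area 4-byte aligned and no larger than the maximum. */
bool extra_isize_is_sane(const struct model_inode *ri)
{
    if (!(ri->i_inline & MODEL_HAS_EXTRA_ATTR))
        return true;
    return ri->i_extra_isize % sizeof(uint32_t) == 0 && ri->i_extra_isize <= TOTAL_EXTRA_ATTR_SIZE;
}

/* Post-fix lookup: validate and bound the index, refusing the inode rather than indexing
 * past the array; false is where the kernel would treat the block as not alive. */
bool data_blkaddr_checked(const struct model_inode *ri, unsigned int ofs, uint32_t *out)
{
    if (!extra_isize_is_sane(ri) || unchecked_index(ri, ofs) >= ADDRS_PER_INODE)
        return false;
    *out = ri->i_addr[unchecked_index(ri, ofs)];
    return true;
}

/* Constructed scenario: sane inode with a full 36-byte extra area; address stored in slot 9 + ofs. */
uint32_t demo_valid_lookup(unsigned int ofs)
{
    struct model_inode ri = { .i_inline = MODEL_HAS_EXTRA_ATTR, .i_extra_isize = 36 };
    uint32_t addr = 0;
    ri.i_addr[TOTAL_EXTRA_ATTR_SIZE / sizeof(uint32_t) + ofs] = 0xabcd;
    return data_blkaddr_checked(&ri, ofs, &addr) ? addr : 0;
}
```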
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Kernel OOB read enables memory disclosure for credential access via exploitation (T1212); also facilitates system crash/DoS via application or system exploitation (T1499.004).