CWE
416
Advisory Published
CVE Published
CVE Published
Updated

CVE-2022-1184: Use After Free

First published: Wed Mar 30 2022(Updated: )

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() and a BUG() in fs/ext4/ext4.h:2057, It is tested on 4.14 and 5.16, it randomly got segmentation faults in either systemd or other libc functions after the bug is triggered twice or more with below traces. ================================================================== [ 99.129641] BUG: KASAN: use-after-free in dx_insert_block+0xf9/0x1e0 [ 99.129678] Read of size 199528 at addr ffff88825d339028 by task tmp32/1078 [ 99.129729] CPU: 3 PID: 1078 Comm: tmp32 Not tainted 5.4.171 #1 [ 99.129730] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1.1 04/01/2014 [ 99.129731] Call Trace: [ 99.129734] dump_stack+0x8b/0xb9 [ 99.129736] ? dx_insert_block+0xf9/0x1e0 [ 99.129739] print_address_description.constprop.4+0x23/0x400 [ 99.129740] ? dx_insert_block+0xf9/0x1e0 [ 99.129742] __kasan_report+0x15c/0x1e0 [ 99.129743] ? dx_insert_block+0xf9/0x1e0 [ 99.129744] kasan_report+0x10/0x20 [ 99.129746] check_memory_region+0x149/0x1a0 [ 99.129747] memmove+0x1f/0x50 [ 99.129748] dx_insert_block+0xf9/0x1e0 [ 99.129750] do_split+0x105b/0x1bf0 [ 99.129754] ? ext4_rename_dir_finish+0x820/0x820 [ 99.129755] ext4_dx_add_entry+0x30b/0x2a20 [ 99.129757] ? _cond_resched+0x15/0x30 [ 99.129759] ? __getblk_gfp+0x35/0x7f0 [ 99.129760] ? add_dirent_to_buf+0x630/0x630 [ 99.129761] ? memset+0x1f/0x40 [ 99.129763] ? fscrypt_setup_filename+0x32/0xce0 [ 99.129765] ? ext4_getblk+0x127/0x3d0 [ 99.129766] ? do_syscall_64+0x9a/0x390 [ 99.129768] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 99.129769] ? ext4_iomap_begin+0xf10/0xf10 [ 99.129771] ? add_transaction_credits+0x13d/0xaf0 [ 99.129772] ? memset+0x1f/0x40 [ 99.129773] ? ext4_fname_setup_filename+0xd1/0x1f0 [ 99.129775] ? memset+0x1f/0x40 [ 99.129776] ext4_add_entry+0x6c7/0xcd0 [ 99.129778] ? make_indexed_dir+0x1130/0x1130 [ 99.129779] ? jbd2_journal_get_write_access+0xaf/0x120 [ 99.129781] ? __ext4_journal_get_write_access+0x41/0x70 [ 99.129782] ? jbd2__journal_start+0x2d6/0x760 [ 99.129784] ext4_rename+0xef9/0x1e00 [ 99.129786] ? avc_has_perm_noaudit+0x1b3/0x380 [ 99.129787] ? ext4_tmpfile+0x3a0/0x3a0 [ 99.129788] ? avc_has_extended_perms+0xe80/0xe80 [ 99.129790] ? selinux_path_notify+0x460/0x460 [ 99.129792] vfs_rename+0x84f/0x1550 [ 99.129794] ? tomoyo_cred_prepare+0xb1/0x160 [ 99.129795] ? vfs_mkdir+0x5a0/0x5a0 [ 99.129796] ? d_alloc+0x56/0x210 [ 99.129797] ? do_renameat2+0x78a/0x970 [ 99.129798] do_renameat2+0x78a/0x970 [ 99.129800] ? user_path_create+0x30/0x30 [ 99.129801] ? lockref_put_return+0xd7/0x190 [ 99.129803] ? blk_pre_runtime_suspend+0x280/0x280 [ 99.129804] ? kmem_cache_alloc+0x177/0x220 [ 99.129805] ? mnt_get_count+0x1e0/0x1e0 [ 99.129806] ? dput+0x5a/0x760 [ 99.129808] ? path_setxattr+0xb9/0x130 [ 99.129809] ? setxattr+0x240/0x240 [ 99.129810] ? __fget_light+0x55/0x1f0 [ 99.129811] ? __fget_light+0x55/0x1f0 [ 99.129813] __x64_sys_rename+0x5a/0x80 [ 99.129814] do_syscall_64+0x9a/0x390 [ 99.129815] ? prepare_exit_to_usermode+0xec/0x1a0 [ 99.129817] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 99.129819] RIP: 0033:0x7f8665863639

Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
redhat/kernel-rt<0:4.18.0-425.3.1.rt7.213.el8
0:4.18.0-425.3.1.rt7.213.el8
redhat/kernel<0:4.18.0-425.3.1.el8
0:4.18.0-425.3.1.el8
redhat/kernel<0:5.14.0-162.6.1.el9_1
0:5.14.0-162.6.1.el9_1
redhat/kernel-rt<0:5.14.0-162.6.1.rt21.168.el9_1
0:5.14.0-162.6.1.rt21.168.el9_1
Linux Kernel>2.6.12<4.9.138
Linux Kernel>4.14<4.14.283
Linux Kernel>4.19<4.19.247
Linux Kernel>5.4<5.4.198
Linux Kernel>5.10<5.10.121
Linux Kernel>5.15<5.15.46
Linux Kernel>5.17<5.17.14
Linux Kernel>5.18<5.18.3
Linux Kernel=2.6.12
Linux Kernel=2.6.12-rc2
Linux Kernel=2.6.12-rc3
Linux Kernel=2.6.12-rc4
Linux Kernel=2.6.12-rc5
Linux Kernel=2.6.12-rc6
Red Hat Enterprise Linux=8.0
Red Hat Enterprise Linux=9.0
Debian Linux=10.0
Debian Linux=11.0
Ubuntu=14.04
Ubuntu=16.04
Ubuntu=18.04
Ubuntu=20.04
Linux Kernel
debian/linux
5.10.223-1
5.10.234-1
6.1.129-1
6.1.128-1
6.12.20-1
6.12.21-1

Remedy

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the severity of CVE-2022-1184?

    CVE-2022-1184 is classified as a high severity vulnerability due to its potential to cause segmentation faults in critical system components.

  • What are the affected versions for CVE-2022-1184?

    CVE-2022-1184 affects various versions of the Linux Kernel, specifically those before 4.18.0-425.3.1, among others.

  • How do I fix CVE-2022-1184?

    To fix CVE-2022-1184, upgrade to the patched versions including kernel-rt 0:4.18.0-425.3.1.rt7.213.el8 or kernel 0:4.18.0-425.3.1.el8 for Red Hat systems.

  • What systems are affected by CVE-2022-1184?

    CVE-2022-1184 impacts systems running certain versions of the Linux Kernel, Red Hat Enterprise Linux, and Debian GNU/Linux.

  • Is CVE-2022-1184 remotely exploitable?

    CVE-2022-1184 is not remotely exploitable, but it can lead to local denial-of-service conditions.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203