CVE-2022-50512

MEDIUM
2025-10-07 416baaa9-dc9f-4396-8d5f-8c081fb06d67
5.5
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 17, 2026 - 20:45 (vuln.today)
Patch Released: Mar 17, 2026 - 20:45 (nvd), patch available
CVE Published: Oct 07, 2025 - 16:15 (nvd), MEDIUM 5.5

Description

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix potential memory leak in ext4_fc_record_regions()

As krealloc may return NULL, in this case 'state->fc_regions' may not be freed by krealloc, but 'state->fc_regions' is already set to NULL. This will then lead to a 'state->fc_regions' memory leak.

Analysis

A memory leak vulnerability exists in the Linux kernel's ext4 fast commit (fc) implementation within the ext4_fc_record_regions() function. The vulnerability occurs when krealloc() fails and returns NULL, causing the function to improperly handle the state->fc_regions pointer, leaving allocated memory unreferenced and unable to be freed. This affects all Linux kernel versions with the vulnerable code path, allowing local attackers with unprivileged user access to exhaust kernel memory and trigger denial of service conditions. While the EPSS score of 0.01% indicates low real-world exploitation probability and no active exploitation is tracked in KEV data, the availability impact is high (CVSS score 5.5), and patches have been made available across multiple stable kernel branches.

Technical Context

The vulnerability resides in the ext4 filesystem driver's fast commit recovery mechanism, specifically in the ext4_fc_record_regions() function. Fast commit is an ext4 optimization feature that accelerates filesystem recovery after unclean shutdowns by logging only modified regions rather than full metadata. The root cause is a classic memory management error (CWE-401: Missing Release of Memory after Effective Lifetime), where the code fails to preserve the original pointer value before calling krealloc(). When krealloc() fails due to memory pressure, it returns NULL while leaving the original buffer allocated. The vulnerable code path then assigns this NULL value directly to state->fc_regions without first saving the old pointer, making the original allocation unreachable and creating a memory leak. This occurs in the Linux kernel's ext4 filesystem driver (identified via CPE cpe:2.3:o:linux:linux_kernel) and affects all versions where this code pattern exists in the fast commit implementation.
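
The pattern described above, reduced to a user-space C model (an added example, not the kernel's source or code from this advisory). realloc() stands in for krealloc(); the struct layouts, GROW, xrealloc() and the function names are hypothetical, and only the fc_regions field name comes from the advisory.

```c
#include <stdlib.h>

/* User-space model; only the name fc_regions comes from the advisory. */
struct region { long lblk, pblk; int ino, len; };
struct replay_state { struct region *fc_regions; int size, used; };
enum { GROW = 4 };      /* constructed growth increment */
static int fail_alloc;  /* 1 = xrealloc() fails, leaving the old buffer allocated */
static void *xrealloc(void *p, size_t n) { return fail_alloc ? NULL : realloc(p, n); }

/* Before: the result overwrites the only pointer to the old buffer. */
static int record_leaky(struct replay_state *s, struct region r) {
    if (s->used == s->size) {
        s->size += GROW;
        s->fc_regions = xrealloc(s->fc_regions, s->size * sizeof(r));
        if (!s->fc_regions) return -1;  /* old buffer is now unreachable */
    }
    s->fc_regions[s->used++] = r;
    return 0;
}

/* After: commit pointer and size only once the allocation succeeded. */
static int record_fixed(struct replay_state *s, struct region r) {
    if (s->used == s->size) {
        struct region *tmp = xrealloc(s->fc_regions, (s->size + GROW) * sizeof(r));
        if (!tmp) return -1;            /* state still owns the old buffer */
        s->fc_regions = tmp;
        s->size += GROW;
    }
    s->fc_regions[s->used++] = r;
    return 0;
}

/* Fill one buffer, fail the next grow; return 1 if the state lost the buffer. */
static int leaks_on_enomem(int (*record)(struct replay_state *, struct region)) {
    struct replay_state s = {0};
    fail_alloc = 0;
    for (int i = 0; i < GROW; i++) record(&s, (struct region){0});
    struct region *old = s.fc_regions;  /* buffer that stays allocated */
    fail_alloc = 1;                     /* the next grow fails */
    record(&s, (struct region){0});
    int leaked = (s.fc_regions != old); /* no reference left for teardown to free */
    free(old);                          /* the harness releases it either way */
    return leaked;
}

int main(void) {  /* exit 0: fixed path keeps its buffer, leaky path loses it */
    return leaks_on_enomem(record_fixed) || leaks_on_enomem(record_leaky) != 1;
}
```

In the leaky variant the size field has also grown while the pointer is NULL, so the state is inconsistent as well as leaking.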

Affected Products

The Linux kernel across multiple versions is affected by this vulnerability, as confirmed by the generic CPE entries cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* in the NVD record. The vulnerability specifically impacts any kernel version containing the vulnerable ext4_fc_record_regions() code path. Patches have been released for multiple stable kernel branches, including fixes committed via kernel.org references 2cfb769d60a2a57eb3566765428b6131cd16dcfe, 417b0455a0b6d0f60a2930592731d1f8340e24be, 518566e71ad86b7c2f1bf6d9caee9588bb7ac158, 7069d105c1f15c442b68af43f7fde784f3126739, and a4058b869e6c5e517c79e30532a350d0f3115c3e. Affected users should check their kernel version and determine if the fast commit code path is enabled in their configuration, as not all builds include fast commit functionality.

Remediation

Apply the available kernel patch from your Linux distribution's stable branch or upgrade to a patched kernel version. The upstream fixes are available at https://git.kernel.org/stable/c/2cfb769d60a2a57eb3566765428b6131cd16dcfe and related commit references provided in the NVD entry. For production systems, prioritize updating during the next scheduled maintenance window since the EPSS score indicates low immediate exploitation risk. As a temporary workaround pending patching, disable ext4 fast commit if your workload permits by setting the mount option -o nofast_commit when mounting ext4 filesystems, though this reduces recovery performance and is not a long-term solution. Monitor system logs for signs of memory pressure or unexpected OOM (Out of Memory) events that could indicate exploitation attempts while awaiting patches.

Priority Score

28
KEV: 0
EPSS: +0.0
CVSS: +28
POC: 0
