CVE-2022-50379
Published: Sep 18, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between quota enable and quota rescan ioctl When enabling quotas, at btrfs_quota_enable(), after committing the transaction, we change fs_info->quota_root to point to the quota root we created and set BTRFS_FS_QUOTA_ENABLED at fs_info->flags. Then we try to start the qgroup rescan worker, first by initializing it with a call to qgroup_rescan_init() - however if that fails we end up freeing the quota root but we leave fs_info->quota_root still pointing to it, this can later result in a use-after-free somewhere else. We have previously set the flags BTRFS_FS_QUOTA_ENABLED and BTRFS_QGROUP_STATUS_FLAG_ON, so we can only fail with -EINPROGRESS at btrfs_quota_enable(), which is possible if someone already called the quota rescan ioctl, and therefore started the rescan worker. So fix this by ignoring an -EINPROGRESS and asserting we can't get any other error.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 5d23515be66904fa3b1b5d6bd72d2199cd2447ab - < c97f6d528c3f1c83a6b792a8a7928c236c80b8feaffected 5d23515be66904fa3b1b5d6bd72d2199cd2447ab - < 26b7c0ac49a3eea15559c9d84863736a6d1164b4affected 5d23515be66904fa3b1b5d6bd72d2199cd2447ab - < 47b5ffe86332af95f0f52be0a63d4da7c2b37b55affected 5d23515be66904fa3b1b5d6bd72d2199cd2447ab - < 4b996a3014ef014af8f97b60c35f5289210a4720affected 5d23515be66904fa3b1b5d6bd72d2199cd2447ab - < 0efd9dfc00d677a1d0929319a6103cb2dfc41c22+2 more versions |
Linux | Linux | affected 4.17unaffected 0 - < 4.17unaffected 4.19.262 - <= 4.19.*unaffected 5.4.220 - <= 5.4.*unaffected 5.10.150 - <= 5.10.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now