CVE-2022-50766 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: btrfs: set generation before calling btrfs_clean_tree_block in btrfs_init_new_buffer syzbot is reporting uninit-value in btrfs_clean_tree_block() [1], for commit bc877d285ca3dba2 ("btrfs: Deduplicate extent_buffer init code") missed that btrfs_set_header_generation() in btrfs_init_new_buffer() must not be moved to after clean_tree_block() because clean_tree_block() is calling btrfs_header_generation() since commit 55c69072d6bd5be1 ("Btrfs: Fix extent_buffer usage when nodesize != leafsize"). Since memzero_extent_buffer() will reset "struct btrfs_header" part, we can't move btrfs_set_header_generation() to before memzero_extent_buffer(). Just re-add btrfs_set_header_generation() before btrfs_clean_tree_block().

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0a408c6212c16b9a2a1141d3c531247582ef8101
https://git.kernel.org/stable/c/89bc41c92d10b905c60f6ec13c9ef664a3555c54
https://git.kernel.org/stable/c/a687c2890fe4a2acaac6941fa4097a1264d8f3eb
https://git.kernel.org/stable/c/cbddcc4fa3443fe8cfb2ff8e210deb1f6a0eea38

History

Wed, 24 Dec 2025 13:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: btrfs: set generation before calling btrfs_clean_tree_block in btrfs_init_new_buffer syzbot is reporting uninit-value in btrfs_clean_tree_block() [1], for commit bc877d285ca3dba2 ("btrfs: Deduplicate extent_buffer init code") missed that btrfs_set_header_generation() in btrfs_init_new_buffer() must not be moved to after clean_tree_block() because clean_tree_block() is calling btrfs_header_generation() since commit 55c69072d6bd5be1 ("Btrfs: Fix extent_buffer usage when nodesize != leafsize"). Since memzero_extent_buffer() will reset "struct btrfs_header" part, we can't move btrfs_set_header_generation() to before memzero_extent_buffer(). Just re-add btrfs_set_header_generation() before btrfs_clean_tree_block().
Title		btrfs: set generation before calling btrfs_clean_tree_block in btrfs_init_new_buffer
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0a408c6212c16b9a2a1141d3c531247582ef8101 https://git.kernel.org/stable/c/89bc41c92d10b905c60f6ec13c9ef664a3555c54 https://git.kernel.org/stable/c/a687c2890fe4a2acaac6941fa4097a1264d8f3eb https://git.kernel.org/stable/c/cbddcc4fa3443fe8cfb2ff8e210deb1f6a0eea38

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-24T13:05:56.873Z

Updated: 2025-12-24T13:05:56.873Z

Reserved: 2025-12-24T13:02:21.546Z

Link: CVE-2022-50766

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-24T13:16:03.400

Modified: 2025-12-24T13:16:03.400

Link: CVE-2022-50766

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object