What is CVE-2022-49738?

CVE-2022-49738 is a High severity Linux kernel vulnerability with a CVSS score of 7.1 out of 10, classified as a Out-of-bounds Read flaw (CWE-125), affecting Linux kernel versions from 3.8 onward and patched in 5.4.232, 5.10.168, 5.15.93 and others. CVE-2022-49738 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2022-49738?

CVE-2022-49738 has a CVSS score of 7.1 out of 10, rated High severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H.

Is there a patch available for CVE-2022-49738?

Yes, CVE-2022-49738 has been patched. Fixed versions include 5.4.232, 5.10.168, 5.15.93 and others. If you are running Linux kernel 3.8 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2022-49738 actively exploited?

CVE-2022-49738 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is Out-of-bounds Read (CWE-125)?

The product reads data past the end or before the beginning of the intended buffer. See MITRE CWE for full details: https://cwe.mitre.org/data/definitions/125.html

CVE-2022-49738

High

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_extra_isize in is_alive() syzbot found a f2fs bug: BUG: KASAN: slab-out-of-bounds in data_blkaddr fs/f2fs/f2fs.h:2891 [inline] BUG: KASAN: slab-out-of-bounds in is_alive fs/f2fs/gc.c:1117 [inline] BUG: KASAN: slab-out-of-bounds in gc_data_segment fs/f2fs/gc.c:1520 [inline] BUG: KASAN: slab-out-of-bounds in do_garbage_collect+0x386a/0x3df0 fs/f2fs/gc.c:1734 Read of size 4 at addr ffff888076557568 by task kworker/u4:3/52 CPU: 1 PID: 52 Comm: kworker/u4:3 Not tainted 6.1.0-rc4-syzkaller-00362-gfef7fd48922d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Workqueue: writeback wb_workfn (flush-7:0) Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:284 [inline] print_report+0x15e/0x45d mm/kasan/report.c:395 kasan_report+0xbb/0x1f0 mm/kasan/report.c:495 data_blkaddr fs/f2fs/f2fs.h:2891 [inline] is_alive fs/f2fs/gc.c:1117 [inline] gc_data_segment fs/f2fs/gc.c:1520 [inline] do_garbage_collect+0x386a/0x3df0 fs/f2fs/gc.c:1734 f2fs_gc+0x88c/0x20a0 fs/f2fs/gc.c:1831 f2fs_balance_fs+0x544/0x6b0 fs/f2fs/segment.c:410 f2fs_write_inode+0x57e/0xe20 fs/f2fs/inode.c:753 write_inode fs/fs-writeback.c:1440 [inline] __writeback_single_inode+0xcfc/0x1440 fs/fs-writeback.c:1652 writeback_sb_inodes+0x54d/0xf90 fs/fs-writeback.c:1870 wb_writeback+0x2c5/0xd70 fs/fs-writeback.c:2044 wb_do_writeback fs/fs-writeback.c:2187 [inline] wb_workfn+0x2dc/0x12f0 fs/fs-writeback.c:2227 process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289 worker_thread+0x665/0x1080 kernel/workqueue.c:2436 kthread+0x2e4/0x3a0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 The root cause is that we forgot to do sanity check on .i_extra_isize in below path, result in accessing invalid address later, fix it. - gc_data_segment - is_alive - data_blkaddr - offset_in_addr

Package Linux Kernel

Published 2025-03-27

Last modified 2025-10-01

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

7.1

out of 10

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Weakness type

CWE-125

CVE-2022-49738 is a Out-of-bounds Read vulnerability

What is Out-of-bounds Read?

The product reads data past the end or before the beginning of the intended buffer. Learn more on MITRE CWE

Affected versions

Linux kernel versions 3.8 and later are affected. Fixed in 5.4.232, 5.10.168, 5.15.93, 6.1.11, 6.2 and their respective stable series.

Affected from

≥ 3.8

Fixed in

✓ 5.4.232 5.4.x ✓ 5.10.168 5.10.x ✓ 5.15.93 5.15.x ✓ 6.1.11 6.1.x ✓ 6.2

References

The following references provide additional information about CVE-2022-49738 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/5b25035fb888cb2f78bf0b9c9f95b1dc54480d36
Patch
Kernel patch commit
https://git.kernel.org/stable/c/914e38f02a490dafd980ff0f39cccedc074deb29
Patch
Kernel patch commit
https://git.kernel.org/stable/c/97ccfffcc061e54ce87e4a51a40e2e9cb0b7076a
Patch

5 patch commits total View all on NVD

Details

CVE ID CVE-2022-49738

Severity High

CVSS score 7.1 / 10

CVSS version 3.1

Published 2025-03-27

Modified 2025-10-01

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2022-49738?

CVE-2022-49738 is a High severity Linux kernel vulnerability with a CVSS score of 7.1 out of 10 , classified as an Out-of-bounds Read flaw (CWE-125) . It affects Linux kernel versions from 3.8 onward and has been patched in 5.4.232, 5.10.168, 5.15.93 and others. CVE-2022-49738 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2022-49738?

CVE-2022-49738 has a CVSS score of 7.1 out of 10, rated High severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H.
Is there a patch available for CVE-2022-49738?

Yes — CVE-2022-49738 has been patched. Fixed versions include 5.4.232, 5.10.168, 5.15.93 and others. If you are running Linux kernel 3.8 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2022-49738 actively exploited?

No — CVE-2022-49738 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
What is Out-of-bounds Read (CWE-125)?

The product reads data past the end or before the beginning of the intended buffer. View CWE-125 on MITRE CWE →