1. Home
  2. Vulnerabilities
  3. CVE-2022-50845
0.0
NA
CVE-2022-50845
ext4: fix inode leak in ext4_xattr_inode_create() on an error path
Description

In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode leak in ext4_xattr_inode_create() on an error path There is issue as follows when do setxattr with inject fault: [localhost]# fsck.ext4 -fn /dev/sda e2fsck 1.46.6-rc1 (12-Sep-2022) Pass 1: Checking inodes, blocks, and sizes Pass 2: Checking directory structure Pass 3: Checking directory connectivity Pass 4: Checking reference counts Unattached zero-length inode 15. Clear? no Unattached inode 15 Connect to /lost+found? no Pass 5: Checking group summary information /dev/sda: ********** WARNING: Filesystem still has errors ********** /dev/sda: 15/655360 files (0.0% non-contiguous), 66755/2621440 blocks This occurs in 'ext4_xattr_inode_create()'. If 'ext4_mark_inode_dirty()' fails, dropping i_nlink of the inode is needed. Or will lead to inode leak.

INFO

Published Date :

Dec. 30, 2025, 1:15 p.m.

Last Modified :

Dec. 30, 2025, 1:15 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2022-50845 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

No affected product recoded yet

: Total Affected Vendor : 0 | Products : 0
Solution
Apply kernel patch to fix inode leak in ext4_xattr_inode_create function.
  • Update the Linux kernel to the latest version.
  • Apply the specific patch for ext4 inode leak.
  • Reboot the system after applying the patch.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2022-50845.

URL Resource
https://git.kernel.org/stable/c/0f709e08caffb41bbc9b38b9a4c1bd0769794007
https://git.kernel.org/stable/c/322cf639b0b7f137543072c55545adab782b3a25
https://git.kernel.org/stable/c/70e5b46beba64706430a87a6d516054225e8ac8a
https://git.kernel.org/stable/c/9882601ee689975c1c0076ee65bf222a2a35e535
https://git.kernel.org/stable/c/9ef603086c5b796fde1c7f22a17d0fc826ba54cb
https://git.kernel.org/stable/c/e4db04f7d3dbbe16680e0ded27ea2a65b10f766a
https://git.kernel.org/stable/c/eab94a46560f68d4bcd15222701ced479f84f427
https://git.kernel.org/stable/c/fdaaf45786dc8c17a72901021772520fceb18f8c
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2022-50845 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2022-50845 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2022-50845 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2022-50845 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Dec. 30, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode leak in ext4_xattr_inode_create() on an error path There is issue as follows when do setxattr with inject fault: [localhost]# fsck.ext4 -fn /dev/sda e2fsck 1.46.6-rc1 (12-Sep-2022) Pass 1: Checking inodes, blocks, and sizes Pass 2: Checking directory structure Pass 3: Checking directory connectivity Pass 4: Checking reference counts Unattached zero-length inode 15. Clear? no Unattached inode 15 Connect to /lost+found? no Pass 5: Checking group summary information /dev/sda: ********** WARNING: Filesystem still has errors ********** /dev/sda: 15/655360 files (0.0% non-contiguous), 66755/2621440 blocks This occurs in 'ext4_xattr_inode_create()'. If 'ext4_mark_inode_dirty()' fails, dropping i_nlink of the inode is needed. Or will lead to inode leak.
    Added Reference https://git.kernel.org/stable/c/0f709e08caffb41bbc9b38b9a4c1bd0769794007
    Added Reference https://git.kernel.org/stable/c/322cf639b0b7f137543072c55545adab782b3a25
    Added Reference https://git.kernel.org/stable/c/70e5b46beba64706430a87a6d516054225e8ac8a
    Added Reference https://git.kernel.org/stable/c/9882601ee689975c1c0076ee65bf222a2a35e535
    Added Reference https://git.kernel.org/stable/c/9ef603086c5b796fde1c7f22a17d0fc826ba54cb
    Added Reference https://git.kernel.org/stable/c/e4db04f7d3dbbe16680e0ded27ea2a65b10f766a
    Added Reference https://git.kernel.org/stable/c/eab94a46560f68d4bcd15222701ced479f84f427
    Added Reference https://git.kernel.org/stable/c/fdaaf45786dc8c17a72901021772520fceb18f8c
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.