GHSA-VR74-H7W6-QJP6
Vulnerability from github – Published: 2025-10-21 18:30 – Updated: 2025-10-21 18:30
In the Linux kernel, the following vulnerability has been resolved:
btrfs: do not double complete bio on errors during compressed reads
I hit some weird panics while fixing up the error handling from btrfs_lookup_bio_sums(). Turns out the compression path will complete the bio we use if we set up any of the compression bios and then return an error, and then btrfs_submit_data_bio() will also call bio_endio() on the bio.
Fix this by making btrfs_submit_compressed_read() responsible for calling bio_endio() on the bio if there are any errors. Currently it was only doing it if we created the compression bios, otherwise it was depending on btrfs_submit_data_bio() to do the right thing. This creates the above problem, so fix up btrfs_submit_compressed_read() to always call bio_endio() in case of an error, and then simply return from btrfs_submit_data_bio() if we had to call btrfs_submit_compressed_read().
{
"affected": [],
"aliases": [
"CVE-2022-49167"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:00:53Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not double complete bio on errors during compressed reads\n\nI hit some weird panics while fixing up the error handling from\nbtrfs_lookup_bio_sums(). Turns out the compression path will complete\nthe bio we use if we set up any of the compression bios and then return\nan error, and then btrfs_submit_data_bio() will also call bio_endio() on\nthe bio.\n\nFix this by making btrfs_submit_compressed_read() responsible for\ncalling bio_endio() on the bio if there are any errors. Currently it\nwas only doing it if we created the compression bios, otherwise it was\ndepending on btrfs_submit_data_bio() to do the right thing. This\ncreates the above problem, so fix up btrfs_submit_compressed_read() to\nalways call bio_endio() in case of an error, and then simply return from\nbtrfs_submit_data_bio() if we had to call\nbtrfs_submit_compressed_read().",
"id": "GHSA-vr74-h7w6-qjp6",
"modified": "2025-10-21T18:30:29Z",
"published": "2025-10-21T18:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49167"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4a4ceb2b990771c374d85d496a1a45255dde48e3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/987b5df1d10355d377315a26e7fb6c72ded83c9f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f9f15de85d74e7eef021af059ca53a15f041cdd8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}