CVE-2022-49414: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a race condition vulnerability was discovered between ext4_write and ext4_convert_inline_data functions. The issue was reported by Hulk Robot and involves concurrent access to locks where ext4_convert_inline_data holds the xattr_sem lock while generic_perform_write holds the i_rwsem lock (Kernel Git).

The vulnerability manifests as a race condition that can trigger a BUG_ON condition in the kernel. The issue occurs because the lock held by ext4_convert_inline_data (xattr_sem) and the lock held by generic_perform_write (i_rwsem) can be concurrent. This leads to inconsistencies between block bitmap and bg descriptor, specifically showing "25 vs 31513 free clusters" error, and ultimately causes a kernel BUG at fs/ext4/ext4_jbd2.c:53 (Kernel Git).

When exploited, this vulnerability can cause a kernel panic through the BUG_ON condition, leading to system instability and potential denial of service. The issue affects the ext4 filesystem's handling of inline data conversion and write operations (Kernel Git).

The issue has been fixed by adding inode_lock() for ext4_convert_inline_data() and reorganizing the code flow. The fix moves ext4_convert_inline_data() in front of ext4_punch_hole() and removes similar handling from ext4_punch_hole(). This change was implemented in the kernel patch that fixes the race condition (Kernel Git).