CVE-2022-49739: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49739 affects the Linux kernel and involves a vulnerability in the GFS2 filesystem's handling of inline inodes. The issue was discovered and disclosed on March 27, 2025. The vulnerability specifically relates to checking inode size of stuffed (inline) inodes within the allowed range when reading inodes from disk through the gfs2dinodein() function (NVD).

The vulnerability involves the GFS2 filesystem's handling of inline inodes, specifically in the validation of inode sizes when reading from disk. The issue occurs in the gfs2dinodein() function where proper size validation was missing for stuffed (inline) inodes. Two related checks in stuffedreadpage() and gfs2unstuffer_page() that truncated inline data to the maximum allowed size were determined to be unnecessary and were removed (NVD).

The vulnerability could potentially lead to on-disk corruption in systems using the GFS2 filesystem with inline inodes. This affects various Linux distributions including Ubuntu and Red Hat Enterprise Linux systems (Ubuntu).

Multiple Linux distributions have released patches to address this vulnerability. Ubuntu has fixed the issue in various versions including Ubuntu 22.04 LTS (version 5.15.0-72.79) and 20.04 LTS (version 5.4.0-156.173). The fix has also been implemented across different kernel variants including linux-aws, linux-azure, and linux-gcp (Ubuntu).