{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2022-48903",
        "ASSIGNER": "cve@kernel.org",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix relocation crash due to premature return from btrfs_commit_transaction()\n\nWe are seeing crashes similar to the following trace:\n\n[38.969182] WARNING: CPU: 20 PID: 2105 at fs/btrfs/relocation.c:4070 btrfs_relocate_block_group+0x2dc/0x340 [btrfs]\n[38.973556] CPU: 20 PID: 2105 Comm: btrfs Not tainted 5.17.0-rc4 #54\n[38.974580] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014\n[38.976539] RIP: 0010:btrfs_relocate_block_group+0x2dc/0x340 [btrfs]\n[38.980336] RSP: 0000:ffffb0dd42e03c20 EFLAGS: 00010206\n[38.981218] RAX: ffff96cfc4ede800 RBX: ffff96cfc3ce0000 RCX: 000000000002ca14\n[38.982560] RDX: 0000000000000000 RSI: 4cfd109a0bcb5d7f RDI: ffff96cfc3ce0360\n[38.983619] RBP: ffff96cfc309c000 R08: 0000000000000000 R09: 0000000000000000\n[38.984678] R10: ffff96cec0000001 R11: ffffe84c80000000 R12: ffff96cfc4ede800\n[38.985735] R13: 0000000000000000 R14: 0000000000000000 R15: ffff96cfc3ce0360\n[38.987146] FS:  00007f11c15218c0(0000) GS:ffff96d6dfb00000(0000) knlGS:0000000000000000\n[38.988662] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[38.989398] CR2: 00007ffc922c8e60 CR3: 00000001147a6001 CR4: 0000000000370ee0\n[38.990279] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[38.991219] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[38.992528] Call Trace:\n[38.992854]  <TASK>\n[38.993148]  btrfs_relocate_chunk+0x27/0xe0 [btrfs]\n[38.993941]  btrfs_balance+0x78e/0xea0 [btrfs]\n[38.994801]  ? vsnprintf+0x33c/0x520\n[38.995368]  ? __kmalloc_track_caller+0x351/0x440\n[38.996198]  btrfs_ioctl_balance+0x2b9/0x3a0 [btrfs]\n[38.997084]  btrfs_ioctl+0x11b0/0x2da0 [btrfs]\n[38.997867]  ? mod_objcg_state+0xee/0x340\n[38.998552]  ? seq_release+0x24/0x30\n[38.999184]  ? proc_nr_files+0x30/0x30\n[38.999654]  ? call_rcu+0xc8/0x2f0\n[39.000228]  ? __x64_sys_ioctl+0x84/0xc0\n[39.000872]  ? btrfs_ioctl_get_supported_features+0x30/0x30 [btrfs]\n[39.001973]  __x64_sys_ioctl+0x84/0xc0\n[39.002566]  do_syscall_64+0x3a/0x80\n[39.003011]  entry_SYSCALL_64_after_hwframe+0x44/0xae\n[39.003735] RIP: 0033:0x7f11c166959b\n[39.007324] RSP: 002b:00007fff2543e998 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n[39.008521] RAX: ffffffffffffffda RBX: 00007f11c1521698 RCX: 00007f11c166959b\n[39.009833] RDX: 00007fff2543ea40 RSI: 00000000c4009420 RDI: 0000000000000003\n[39.011270] RBP: 0000000000000003 R08: 0000000000000013 R09: 00007f11c16f94e0\n[39.012581] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff25440df3\n[39.014046] R13: 0000000000000000 R14: 00007fff2543ea40 R15: 0000000000000001\n[39.015040]  </TASK>\n[39.015418] ---[ end trace 0000000000000000 ]---\n[43.131559] ------------[ cut here ]------------\n[43.132234] kernel BUG at fs/btrfs/extent-tree.c:2717!\n[43.133031] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n[43.133702] CPU: 1 PID: 1839 Comm: btrfs Tainted: G        W         5.17.0-rc4 #54\n[43.134863] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014\n[43.136426] RIP: 0010:unpin_extent_range+0x37a/0x4f0 [btrfs]\n[43.139913] RSP: 0000:ffffb0dd4216bc70 EFLAGS: 00010246\n[43.140629] RAX: 0000000000000000 RBX: ffff96cfc34490f8 RCX: 0000000000000001\n[43.141604] RDX: 0000000080000001 RSI: 0000000051d00000 RDI: 00000000ffffffff\n[43.142645] RBP: 0000000000000000 R08: 0000000000000000 R09: ffff96cfd07dca50\n[43.143669] R10: ffff96cfc46e8a00 R11: fffffffffffec000 R12: 0000000041d00000\n[43.144657] R13: ffff96cfc3ce0000 R14: ffffb0dd4216bd08 R15: 0000000000000000\n[43.145686] FS:  00007f7657dd68c0(0000) GS:ffff96d6df640000(0000) knlGS:0000000000000000\n[43.146808] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[43.147584] CR2: 00007f7fe81bf5b0 CR3: 00000001093ee004 CR4: 0000000000370ee0\n[43.148589] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[43.149581] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 00000000000\n---truncated---"
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "n/a"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Linux",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Linux",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_name": "d0c2f4fa555e",
                                            "version_value": "725a6ac389b1"
                                        },
                                        {
                                            "version_value": "not down converted",
                                            "x_cve_json_5_version_data": {
                                                "versions": [
                                                    {
                                                        "version": "5.12",
                                                        "status": "affected"
                                                    },
                                                    {
                                                        "version": "0",
                                                        "lessThan": "5.12",
                                                        "status": "unaffected",
                                                        "versionType": "custom"
                                                    },
                                                    {
                                                        "version": "5.15.27",
                                                        "lessThanOrEqual": "5.15.*",
                                                        "status": "unaffected",
                                                        "versionType": "custom"
                                                    },
                                                    {
                                                        "version": "5.16.13",
                                                        "lessThanOrEqual": "5.16.*",
                                                        "status": "unaffected",
                                                        "versionType": "custom"
                                                    },
                                                    {
                                                        "version": "5.17",
                                                        "lessThanOrEqual": "*",
                                                        "status": "unaffected",
                                                        "versionType": "original_commit_for_fix"
                                                    }
                                                ],
                                                "defaultStatus": "affected"
                                            }
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://git.kernel.org/stable/c/725a6ac389b182261af174176e561a36b0f39ffc",
                "refsource": "MISC",
                "name": "https://git.kernel.org/stable/c/725a6ac389b182261af174176e561a36b0f39ffc"
            },
            {
                "url": "https://git.kernel.org/stable/c/a4378947ae39f08c6ae4c6a87ccdebc981a7bbcb",
                "refsource": "MISC",
                "name": "https://git.kernel.org/stable/c/a4378947ae39f08c6ae4c6a87ccdebc981a7bbcb"
            },
            {
                "url": "https://git.kernel.org/stable/c/5fd76bf31ccfecc06e2e6b29f8c809e934085b99",
                "refsource": "MISC",
                "name": "https://git.kernel.org/stable/c/5fd76bf31ccfecc06e2e6b29f8c809e934085b99"
            }
        ]
    },
    "generator": {
        "engine": "bippy-c9c4e1df01b2"
    }
}