Homepage

CVE-2022-49761 Affecting perf package, versions *

Severity

 Recommended
low

Based on CentOS security rating.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS7-PERF-9557543
  • published28 Mar 2025
  • disclosed27 Mar 2025
Report a new vulnerability Found a mistake?

Introduced: 27 Mar 2025

NewCVE-2022-49761  (opens in a new tab)

How to fix?

There is no fixed version for Centos:7 perf.

NVD Description

Note: Versions mentioned in the description apply only to the upstream perf package and not the perf package as distributed by Centos. See How to fix? for Centos:7 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

btrfs: always report error in run_one_delayed_ref()

Currently we have a btrfs_debug() for run_one_delayed_ref() failure, but if end users hit such problem, there will be no chance that btrfs_debug() is enabled. This can lead to very little useful info for debugging.

This patch will:

  • Add extra info for error reporting Including:

    • logical bytenr
    • num_bytes
    • type
    • action
    • ref_mod

  • Replace the btrfs_debug() with btrfs_err()

  • Move the error reporting into run_one_delayed_ref() This is to avoid use-after-free, the @node can be freed in the caller.

This error should only be triggered at most once.

As if run_one_delayed_ref() failed, we trigger the error message, then causing the call chain to error out:

btrfs_run_delayed_refs() - btrfs_run_delayed_refs() - btrfs_run_delayed_refs_for_head() `- run_one_delayed_ref()

And we will abort the current transaction in btrfs_run_delayed_refs(). If we have to run delayed refs for the abort transaction, run_one_delayed_ref() will just cleanup the refs and do nothing, thus no new error messages would be output.

CVSS Base Scores

version 3.1