Vulnerability Database

309,540

Total vulnerabilities in the database

CVE-2022-49849

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix match incorrectly in dev_args_match_device

syzkaller found a failed assertion:

assertion failed: (args->devid != (u64)-1) || args->missing, in fs/btrfs/volumes.c:6921

This can be triggered when we set devid to (u64)-1 by ioctl. In this case, the match of devid will be skipped and the match of device may succeed incorrectly.

Patch 562d7b1512f7 introduced this function which is used to match device. This function contains two matching scenarios, we can distinguish them by checking the value of args->missing rather than check whether args->devid and args->uuid is default value.

Published: May 1, 2025
Updated: Nov 11, 2025
CVE: CVE-2022-49849
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	5.15.54	5.15.79
linux / linux_kernel	5.16	6.0.9
linux / linux_kernel	6.1-rc1	6.1-rc1.x
linux / linux_kernel	6.1-rc2	6.1-rc2.x
linux / linux_kernel	6.1-rc3	6.1-rc3.x
linux / linux_kernel	6.1-rc4	6.1-rc4.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo