CVE-2022-48502

Exploit

EPSS 0.01%
Published 31.05.2023 20:15:10
Last modified 21.11.2024 07:33:27
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.15 < 5.15.121

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.40

Netapp ≫ H300s Version-

Netapp ≫ H410c Version-

Netapp ≫ H410s Version-

Netapp ≫ H500s Version-

Netapp ≫ H700s Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.006

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2

Release Notes

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0e8235d28f3a0e9eda9f02ff67ee566d5f42b66b

Patch

Mailing List

https://security.netapp.com/advisory/ntap-20230703-0004/

Third Party Advisory

VDB Entry

https://syzkaller.appspot.com/bug?extid=8778f030156c6cd16d72

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-48502

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-48502

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-48502

EUVD