5.5
CVE-2022-49553
- EPSS 0.25%
- Veröffentlicht 26.02.2025 07:01:31
- Zuletzt bearbeitet 22.10.2025 17:36:08
- CVE-Watchlists
- Unerledigt
fs/ntfs3: validate BOOT sectors_per_clusters
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: validate BOOT sectors_per_clusters When the NTFS BOOT sectors_per_clusters field is > 0x80, it represents a shift value. Make sure that the shift value is not too large before using it (NTFS max cluster size is 2MB). Return -EVINVAL if it too large. This prevents negative shift values and shift values that are larger than the field size. Prevents this UBSAN error: UBSAN: shift-out-of-bounds in ../fs/ntfs3/super.c:673:16 shift exponent -192 is negative
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.15 < 5.15.45
Linux ≫ Linux Kernel Version >= 5.16 < 5.17.13
Linux ≫ Linux Kernel Version >= 5.18 < 5.18.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.156 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
https://git.kernel.org/stable/c/4746c49b11b2403f5b5b07c6eac9e60663dcd9a3
https://git.kernel.org/stable/c/58cf68a1886d14ffdc5c892ce483a82156769e88
https://git.kernel.org/stable/c/a2b6986316a2d106f6951e76db70fa4b2fde64a9
https://git.kernel.org/stable/c/a3b774342fa752a5290c0de36375289dfcf4a260