CVE-2022-49553

EPSS 0.14%
Veröffentlicht 26.02.2025 07:01:31
Zuletzt bearbeitet 22.10.2025 17:36:08
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

fs/ntfs3: validate BOOT sectors_per_clusters

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: validate BOOT sectors_per_clusters

When the NTFS BOOT sectors_per_clusters field is > 0x80, it represents a
shift value.  Make sure that the shift value is not too large before using
it (NTFS max cluster size is 2MB).  Return -EVINVAL if it too large.

This prevents negative shift values and shift values that are larger than
the field size.

Prevents this UBSAN error:

 UBSAN: shift-out-of-bounds in ../fs/ntfs3/super.c:673:16
 shift exponent -192 is negative

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

NVD 3 VulnDex Vulnerability Enrichment 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.15 < 5.15.45

Linux ≫ Linux Kernel Version >= 5.16 < 5.17.13

Linux ≫ Linux Kernel Version >= 5.18 < 5.18.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.341

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://git.kernel.org/stable/c/4746c49b11b2403f5b5b07c6eac9e60663dcd9a3

Patch

https://git.kernel.org/stable/c/58cf68a1886d14ffdc5c892ce483a82156769e88

Patch

https://git.kernel.org/stable/c/a2b6986316a2d106f6951e76db70fa4b2fde64a9

Patch

https://git.kernel.org/stable/c/a3b774342fa752a5290c0de36375289dfcf4a260

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-49553

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-49553

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-49553

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-49553