CVE-2022-50057

EPSS 0.03%
Veröffentlicht 18.06.2025 11:02:06
Zuletzt bearbeitet 18.06.2025 13:47:40
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Fix NULL deref in ntfs_update_mftmirr

If ntfs_fill_super() wasn't called then sbi->sb will be equal to NULL.
Code should check this ptr before dereferencing. Syzbot hit this issue
via passing wrong mount param as can be seen from log below

Fail log:
ntfs3: Unknown parameter 'iochvrset'
general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
CPU: 1 PID: 3589 Comm: syz-executor210 Not tainted 5.18.0-rc3-syzkaller-00016-gb253435746d9 #0
...
Call Trace:
 <TASK>
 put_ntfs+0x1ed/0x2a0 fs/ntfs3/super.c:463
 ntfs_fs_free+0x6a/0xe0 fs/ntfs3/super.c:1363
 put_fs_context+0x119/0x7a0 fs/fs_context.c:469
 do_new_mount+0x2b4/0xad0 fs/namespace.c:3044
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 8e8e1a84dac7a3d2b432162a70d7fb6a75960772

Version 82cae269cfa953032fbb8980a7d554d60fb00b17

Status affected

Version < bf6089dc01ba3194ab962105d7b85690843c256f

Version 82cae269cfa953032fbb8980a7d554d60fb00b17

Status affected

Version < 321460ca3b55f48b3ba6008248264ab2bd6407d9

Version 82cae269cfa953032fbb8980a7d554d60fb00b17

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.15

Status affected

Version < 5.15

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.63

Status unaffected

Version <= 5.19.*

Version 5.19.4

Status unaffected

Version <= *

Version 6.0

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.051

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/8e8e1a84dac7a3d2b432162a70d7fb6a75960772

https://git.kernel.org/stable/c/bf6089dc01ba3194ab962105d7b85690843c256f

https://git.kernel.org/stable/c/321460ca3b55f48b3ba6008248264ab2bd6407d9

https://nvd.nist.gov/vuln/detail/CVE-2022-50057

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50057

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50057

EUVD