CVE-2022-50057

EPSS 0.03%
Published 18.06.2025 11:02:06
Last modified 18.06.2025 13:47:40
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Fix NULL deref in ntfs_update_mftmirr

If ntfs_fill_super() wasn't called then sbi->sb will be equal to NULL.
Code should check this ptr before dereferencing. Syzbot hit this issue
via passing wrong mount param as can be seen from log below

Fail log:
ntfs3: Unknown parameter 'iochvrset'
general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
CPU: 1 PID: 3589 Comm: syz-executor210 Not tainted 5.18.0-rc3-syzkaller-00016-gb253435746d9 #0
...
Call Trace:
 <TASK>
 put_ntfs+0x1ed/0x2a0 fs/ntfs3/super.c:463
 ntfs_fs_free+0x6a/0xe0 fs/ntfs3/super.c:1363
 put_fs_context+0x119/0x7a0 fs/fs_context.c:469
 do_new_mount+0x2b4/0xad0 fs/namespace.c:3044
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]

Affected products Warnungen 0 Metrics 1 CWE 0 References 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 8e8e1a84dac7a3d2b432162a70d7fb6a75960772

Version 82cae269cfa953032fbb8980a7d554d60fb00b17

Status affected

Version < bf6089dc01ba3194ab962105d7b85690843c256f

Version 82cae269cfa953032fbb8980a7d554d60fb00b17

Status affected

Version < 321460ca3b55f48b3ba6008248264ab2bd6407d9

Version 82cae269cfa953032fbb8980a7d554d60fb00b17

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 5.15

Status affected

Version < 5.15

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.63

Status unaffected

Version <= 5.19.*

Version 5.19.4

Status unaffected

Version <= *

Version 6.0

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.051

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/8e8e1a84dac7a3d2b432162a70d7fb6a75960772

https://git.kernel.org/stable/c/bf6089dc01ba3194ab962105d7b85690843c256f

https://git.kernel.org/stable/c/321460ca3b55f48b3ba6008248264ab2bd6407d9

https://nvd.nist.gov/vuln/detail/CVE-2022-50057

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50057

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50057

EUVD