-

CVE-2022-50313

EPSS 0.03%
Veröffentlicht 15.09.2025 14:46:08
Zuletzt bearbeitet 15.09.2025 15:22:27
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix order >= MAX_ORDER warning due to crafted negative i_size

As syzbot reported [1], the root cause is that i_size field is a
signed type, and negative i_size is also less than EROFS_BLKSIZ.
As a consequence, it's handled as fast symlink unexpectedly.

Let's fall back to the generic path to deal with such unusual i_size.

[1] https://lore.kernel.org/r/000000000000ac8efa05e7feaa1f@google.com

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 17a0cdbd7b0cf0fc0d7ca4187a67f8f1c18c291f

Version 431339ba90423a038914c6032bfd71f0ba7ef2f2

Status affected

Version < 0ab621fcdff1a58ff4de51a8590fa92a0ecd34be

Version 431339ba90423a038914c6032bfd71f0ba7ef2f2

Status affected

Version < acc2f40b980c61a9178b72cdedd150b829064997

Version 431339ba90423a038914c6032bfd71f0ba7ef2f2

Status affected

Version < b6c8330f5b0f22149957a2e4977fd0f01a9db7cd

Version 431339ba90423a038914c6032bfd71f0ba7ef2f2

Status affected

Version < 6235fb899b25fd287d5e42635ff82196395708cc

Version 431339ba90423a038914c6032bfd71f0ba7ef2f2

Status affected

Version < 1dd73601a1cba37a0ed5f89a8662c90191df5873

Version 431339ba90423a038914c6032bfd71f0ba7ef2f2

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.19

Status affected

Version < 4.19

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.289

Status unaffected

Version <= 5.10.*

Version 5.10.233

Status unaffected

Version <= 5.15.*

Version 5.15.82

Status unaffected

Version <= 5.19.*

Version 5.19.17

Status unaffected

Version <= 6.0.*

Version 6.0.3

Status unaffected

Version <= *

Version 6.1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.078

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/17a0cdbd7b0cf0fc0d7ca4187a67f8f1c18c291f

https://git.kernel.org/stable/c/0ab621fcdff1a58ff4de51a8590fa92a0ecd34be

https://git.kernel.org/stable/c/acc2f40b980c61a9178b72cdedd150b829064997

https://git.kernel.org/stable/c/b6c8330f5b0f22149957a2e4977fd0f01a9db7cd

https://git.kernel.org/stable/c/6235fb899b25fd287d5e42635ff82196395708cc

https://git.kernel.org/stable/c/1dd73601a1cba37a0ed5f89a8662c90191df5873

https://nvd.nist.gov/vuln/detail/CVE-2022-50313

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50313

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50313

EUVD