- CVE-2022-50567
- EPSS 0.06%
- Published 22.10.2025 13:23:24
- Last modified 15.04.2026 00:35:42
- Source 416baaa9-dc9f-4396-8d5f-8c081f
fs: jfs: fix shift-out-of-bounds in dbAllocAG
In the Linux kernel, the following vulnerability has been resolved:

fs: jfs: fix shift-out-of-bounds in dbAllocAG

Syzbot found a crash: UBSAN: shift-out-of-bounds in dbAllocAG.

The underlying bug is the missing check of bmp->db_agl2size. The field can be greater than 64 and trigger the shift-out-of-bounds.

Fix this bug by adding a check of bmp->db_agl2size in dbMount since this field is used in many following functions. The upper bound for this field is L2MAXL2SIZE - L2MAXAG, thanks for the help of Dave Kleikamp.

Note that, for maintenance, I reorganized error handling code of dbMount.

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux ≫ Product: Linux
Default status: unaffected
Vendor: Linux ≫ Product: Linux
Default status: affected

| Version | Version bound | Status |
|---|---|---|
| 2.6.12 | | affected |
| 0 | < 2.6.12 | unaffected |
| 4.9.337 | <= 4.9.* | unaffected |
| 4.14.303 | <= 4.14.* | unaffected |
| 4.19.270 | <= 4.19.* | unaffected |
| 5.4.229 | <= 5.4.* | unaffected |
| 5.10.163 | <= 5.10.* | unaffected |
| 5.15.86 | <= 5.15.* | unaffected |
| 6.0.16 | <= 6.0.* | unaffected |
| 6.1.2 | <= 6.1.* | unaffected |
| 6.2 | <= * | unaffected |

VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.192 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|