-

CVE-2022-50864

EPSS 0.03%
Veröffentlicht 30.12.2025 12:15:36
Zuletzt bearbeitet 31.12.2025 20:43:05
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix shift-out-of-bounds due to too large exponent of block size

If field s_log_block_size of superblock data is corrupted and too large,
init_nilfs() and load_nilfs() still can trigger a shift-out-of-bounds
warning followed by a kernel panic (if panic_on_warn is set):

 shift exponent 38973 is too large for 32-bit type 'int'
 Call Trace:
  <TASK>
  dump_stack_lvl+0xcd/0x134
  ubsan_epilogue+0xb/0x50
  __ubsan_handle_shift_out_of_bounds.cold.12+0x17b/0x1f5
  init_nilfs.cold.11+0x18/0x1d [nilfs2]
  nilfs_mount+0x9b5/0x12b0 [nilfs2]
  ...

This fixes the issue by adding and using a new helper function for getting
block size with sanity check.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < ec93b5430ec0f60877a5388bb023d60624f9ab9f

Version 8a9d2191e9f43bbcd256a9a6871bd73434c83f2f

Status affected

Version < 8b6ef451b5701b37d9a5905534595776a662edfc

Version 8a9d2191e9f43bbcd256a9a6871bd73434c83f2f

Status affected

Version < ddb6615a168f97b91175e00eda4c644741cf531c

Version 8a9d2191e9f43bbcd256a9a6871bd73434c83f2f

Status affected

Version < a16731fa1b96226c75bbf18e73513b14fc318360

Version 8a9d2191e9f43bbcd256a9a6871bd73434c83f2f

Status affected

Version < ebeccaaef67a4895d2496ab8d9c2fb8d89201211

Version 8a9d2191e9f43bbcd256a9a6871bd73434c83f2f

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 2.6.30

Status affected

Version < 2.6.30

Version 0

Status unaffected

Version <= 5.10.*

Version 5.10.163

Status unaffected

Version <= 5.15.*

Version 5.15.86

Status unaffected

Version <= 6.0.*

Version 6.0.16

Status unaffected

Version <= 6.1.*

Version 6.1.2

Status unaffected

Version <= *

Version 6.2

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.065

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/ec93b5430ec0f60877a5388bb023d60624f9ab9f

https://git.kernel.org/stable/c/8b6ef451b5701b37d9a5905534595776a662edfc

https://git.kernel.org/stable/c/ddb6615a168f97b91175e00eda4c644741cf531c

https://git.kernel.org/stable/c/a16731fa1b96226c75bbf18e73513b14fc318360

https://git.kernel.org/stable/c/ebeccaaef67a4895d2496ab8d9c2fb8d89201211

https://nvd.nist.gov/vuln/detail/CVE-2022-50864

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50864

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50864

EUVD