CVE-2022-50869

EPSS 0.03%
Veröffentlicht 30.12.2025 12:15:39
Zuletzt bearbeitet 31.12.2025 20:43:05
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Fix slab-out-of-bounds in r_page

When PAGE_SIZE is 64K, if read_log_page is called by log_read_rst for
the first time, the size of *buffer would be equal to
DefaultLogPageSize(4K).But for *buffer operations like memcpy,
if the memory area size(n) which being assigned to buffer is larger
than 4K (log->page_size(64K) or bytes(64K-page_off)), it will cause
an out of boundary error.
 Call trace:
  [...]
  kasan_report+0x44/0x130
  check_memory_region+0xf8/0x1a0
  memcpy+0xc8/0x100
  ntfs_read_run_nb+0x20c/0x460
  read_log_page+0xd0/0x1f4
  log_read_rst+0x110/0x75c
  log_replay+0x1e8/0x4aa0
  ntfs_loadlog_and_replay+0x290/0x2d0
  ntfs_fill_super+0x508/0xec0
  get_tree_bdev+0x1fc/0x34c
  [...]

Fix this by setting variable r_page to NULL in log_read_rst.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < ed686e7a26dd19ae6b46bb662f735acfa88ff7bc

Version b46acd6a6a627d876898e1c84d3f84902264b445

Status affected

Version < bf86a640a34947d92062996e1a75b9cd9d83dd19

Version b46acd6a6a627d876898e1c84d3f84902264b445

Status affected

Version < 6d076293e5bffdf897ea5f975669206e09beed6a

Version b46acd6a6a627d876898e1c84d3f84902264b445

Status affected

Version < ecfbd57cf9c5ca225184ae266ce44ae473792132

Version b46acd6a6a627d876898e1c84d3f84902264b445

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.15

Status affected

Version < 5.15

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.87

Status unaffected

Version <= 6.0.*

Version 6.0.17

Status unaffected

Version <= 6.1.*

Version 6.1.3

Status unaffected

Version <= *

Version 6.2

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.063

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/ed686e7a26dd19ae6b46bb662f735acfa88ff7bc

https://git.kernel.org/stable/c/bf86a640a34947d92062996e1a75b9cd9d83dd19

https://git.kernel.org/stable/c/6d076293e5bffdf897ea5f975669206e09beed6a

https://git.kernel.org/stable/c/ecfbd57cf9c5ca225184ae266ce44ae473792132

https://nvd.nist.gov/vuln/detail/CVE-2022-50869

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50869

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50869

EUVD