CVE-2022-48424Improper Validation of Specified Index, Position, or Offset in Input in Kernel

CWE-1285Improper Validation of Specified Index, Position, or Offset in Input16 documents7 sources
Severity
7.8HIGHNVD
OSV8.8OSV4.7
EPSS
0.0%
top 92.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Linux KernelDebian LinuxMsrc Cbl2 Kernel 5.15.102.1-3 ON CBL Mariner 2.0+5 more
Timeline
PublishedMar 19
Latest updateMay 22

Description

In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages10 packages

NVDlinux/linux_kernel5.155.15.87+2
Debianlinux/linux_kernel< 6.1.4-1+2
Ubuntulinux/linux_kernel< 5.15.0-69.76
debiandebian/linux< linux 6.1.4-1 (bookworm)

Patches

Patch: cdn.kernel.orgPatch: git.kernel.orgPatch: cdn.kernel.org

🔴Vulnerability Details

7
OSV
linux-gcp, linux-hwe-5.19 vulnerabilities2023-05-22
OSV
linux, linux-aws, linux-azure, linux-azure-5.19, linux-kvm, linux-lowlatency, linux-raspi vulnerabilities2023-05-16
OSV
linux-intel-iotg vulnerabilities2023-04-11
OSV
linux-gke, linux-gke-5.15, linux-ibm, linux-kvm vulnerabilities2023-03-29
OSV
linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-hwe-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, lin2023-03-28

📋Vendor Advisories

8
Ubuntu
Linux kernel vulnerabilities2023-05-22
Ubuntu
Linux kernel vulnerabilities2023-05-18
Ubuntu
Linux kernel vulnerabilities2023-05-16
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2023-04-11
Ubuntu
Linux kernel vulnerabilities2023-03-29
CVE-2022-48424 — Linux Kernel vulnerability | cvebase