CVE-2022-50442Out-of-bounds Read in Linux

CWE-125Out-of-bounds Read5 documents5 sources
Severity
7.1HIGHNVD
EPSS
0.0%
top 98.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedOct 1

Description

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate buffer length while parsing index indx_read is called when we have some NTFS directory operations that need more information from the index buffers. This adds a sanity check to make sure the returned index buffer length is legit, or we may have some out-of-bound memory accesses. [ 560.897595] BUG: KASAN: slab-out-of-bounds in hdr_find_e.isra.0+0x10c/0x320 [ 560.898321] Read of size 2 at addr ffff88800949723

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages4 packages

NVDlinux/linux_kernel5.155.15.87+2
Debianlinux/linux_kernel< 6.1.4-1+2
CVEListV5linux/linux4534a70b7056fd4b9a1c6db5a4ce3c98546b291e3cd9e5b41b83bb57ac3cf9888f9fef2a6ef8ed96+4
debiandebian/linux< linux 6.1.4-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-qqgg-499c-j47v: In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate buffer length while parsing index indx_read is called when we2025-10-01
OSV
CVE-2022-50442: In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate buffer length while parsing index indx_read is called when we h2025-10-01

📋Vendor Advisories

2
Red Hat
kernel: fs/ntfs3: Validate buffer length while parsing index2025-10-01
Debian
CVE-2022-50442: linux - In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: V...2022