CVE-2022-50507Use After Free in Linux

CWE-416Use After Free5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 98.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedOct 4

Description

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate data run offset This adds sanity checks for data run offset. We should make sure data run offset is legit before trying to unpack them, otherwise we may encounter use-after-free or some unexpected memory access behaviors. [ 82.940342] BUG: KASAN: use-after-free in run_unpack+0x2e3/0x570 [ 82.941180] Read of size 1 at addr ffff888008a8487f by task mount/240 [ 82.941670] [ 82.942069] CPU: 0 PID: 240 Comm: mou

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel5.155.15.87+2
Debianlinux/linux_kernel< 6.1.4-1+2
CVEListV5linux/linux4534a70b7056fd4b9a1c6db5a4ce3c98546b291ede5e0955248ff90a2ae91e7f5c108392b52152d0+4
debiandebian/linux< linux 6.1.4-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2022-50507: In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate data run offset This adds sanity checks for data run offset2025-10-04
GHSA
GHSA-397q-f49x-2c9j: In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate data run offset This adds sanity checks for data run offset2025-10-04

📋Vendor Advisories

2
Red Hat
kernel: fs/ntfs3: Validate data run offset2025-10-04
Debian
CVE-2022-50507: linux - In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: V...2022