CVE-2022-48502

An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c.

Published: May 31, 2023
Updated: Jun 9, 2023
CVE: CVE-2022-48502
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	5.15	5.15.121
linux / linux_kernel	5.16	6.1.40

https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0e8235d28f3a0e9eda9f02ff67ee566d5f42b66b
https://security.netapp.com/advisory/ntap-20230703-0004/
https://syzkaller.appspot.com/bug?extid=8778f030156c6cd16d72

Vulnerability Database

289,599

CVE-2022-48502