CVE-2022-50306
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-12-04
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | to 5.15.87 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.0.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a potential out of bound read in the Linux kernel's ext4 file system code, specifically in the ext4_fc_replay_scan() function. It occurs when the scan loop does not ensure there is enough space (at least EXT4_FC_TAG_BASE_LEN) before reading, which can lead to reading beyond the intended memory bounds when mounting a corrupt file system image. The fix involves adding extra checks for certain tags (ADD_RANGE, HEAD, TAIL) during the journal scan to prevent reading invalid data lengths.
How can this vulnerability impact me? :
This vulnerability can lead to out of bound memory reads when mounting a corrupt ext4 file system image, which may cause system instability, crashes, or potentially expose sensitive memory contents. This could affect system reliability and security when handling corrupted file systems.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the ext4 out of bound read issue in ext4_fc_replay_scan() has been fixed. Avoid mounting potentially corrupt ext4 file system images until the patch is applied.