CVE-2022-50313
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-12-04
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 4.19 (inc) to 5.4.289 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.233 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.82 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 5.19.17 (exc) |
| linux | linux_kernel | From 6.0 (inc) to 6.0.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's erofs filesystem occurs because the i_size field is a signed type, allowing it to have a negative value. When i_size is negative and less than EROFS_BLKSIZ, it is mistakenly treated as a fast symlink, which is unexpected behavior. The fix involves falling back to a generic handling path for such unusual i_size values to prevent this incorrect processing.
How can this vulnerability impact me? :
The vulnerability could cause the erofs filesystem to incorrectly handle files with crafted negative i_size values, potentially leading to unexpected behavior or errors when processing such files. This may affect system stability or security depending on how the filesystem is used, but specific impacts are not detailed in the provided information.