CVE-2022-50762
Integer Overflow in Linux Kernel NTFS3 Driver Causes UBSAN Error
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a UBSAN (Undefined Behavior Sanitizer) error in the Linux kernel's NTFS3 filesystem driver, specifically in the function true_sectors_per_clst(). It involves a shift-out-of-bounds error where a negative shift exponent (-247) occurs, which can cause undefined behavior or kernel errors. The patch avoids this error by correcting the code to prevent the invalid shift operation.
How can this vulnerability impact me? :
This vulnerability can cause kernel errors or crashes due to undefined behavior in the NTFS3 filesystem driver when processing certain data. This may lead to system instability or denial of service if exploited or triggered.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch that resolves the UBSAN error in the Linux kernel's fs/ntfs3 module to avoid the shift-out-of-bounds error in true_sectors_per_clst().