CVE-2022-50864
Shift-Out-of-Bounds Vulnerability in Linux nilfs2 Causes Kernel Panic

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix shift-out-of-bounds due to too large exponent of block size

If field s_log_block_size of superblock data is corrupted and too large, init_nilfs() and load_nilfs() still can trigger a shift-out-of-bounds warning followed by a kernel panic (if panic_on_warn is set):

  shift exponent 38973 is too large for 32-bit type 'int'
  Call Trace:
   <TASK>
   dump_stack_lvl+0xcd/0x134
   ubsan_epilogue+0xb/0x50
   __ubsan_handle_shift_out_of_bounds.cold.12+0x17b/0x1f5
   init_nilfs.cold.11+0x18/0x1d [nilfs2]
   nilfs_mount+0x9b5/0x12b0 [nilfs2]
   ...

This fixes the issue by adding and using a new helper function for getting block size with sanity check.

Meta Information
Published: 2025-12-30
Last Modified: 2025-12-30
Generated: 2026-05-07
AI Q&A: 2025-12-30
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux kernel *
linux nilfs2 *
CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?

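You can detect that this condition has been triggered by checking the kernel log for the 'shift exponent' warning or for the kernel panic that follows it. Look for messages like "shift exponent ... is too large for 32-bit type 'int'". The warning is emitted by UBSAN (note __ubsan_handle_shift_out_of_bounds in the call trace), so it appears only on kernels built with that sanitizer enabled. Commands to check (the search phrase must be quoted, otherwise grep treats 'exponent' as a file name):

    dmesg | grep 'shift exponent'
    journalctl -k | grep 'shift exponent'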


Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's nilfs2 file system where a corrupted superblock field (s_log_block_size) with an excessively large exponent can cause a shift-out-of-bounds error. This leads to a warning and potentially a kernel panic if the system is configured to panic on warnings. The issue arises because the exponent value is too large for a 32-bit integer type, causing unsafe operations during nilfs2 initialization and mounting.


How can this vulnerability impact me?

If triggered, this vulnerability produces a kernel warning and, when panic_on_warn is set, a kernel panic, leading to a system crash or denial of service. This can disrupt system availability and stability, potentially causing downtime or data access interruptions.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating the Linux kernel to a version where the nilfs2 shift-out-of-bounds issue is fixed. This fix includes a new helper function that performs sanity checks on block size exponents to prevent kernel panic. Until the update is applied, avoid mounting corrupted nilfs2 filesystems that could trigger this issue.
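
A minimal userspace sketch of the kind of sanity check the fix describes, added here as an example; it is not the kernel's helper function. The name get_blocksize and the 1 KiB base and 64 KiB maximum block sizes are assumptions for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed limits for this sketch: 1 KiB base block, 64 KiB maximum. */
#define BASE_BLOCK_BITS 10u
#define MAX_BLOCK_BITS  16u

/*
 * Validate the on-disk exponent before shifting. An unchecked
 * "base << exponent" with an exponent of 32 or more is undefined
 * behaviour on a 32-bit type, which is what UBSAN reports.
 * Returns 0 and stores the block size, or -EINVAL if the field
 * is out of range; *blocksize is left untouched on error.
 */
int get_blocksize(uint32_t log_block_size, uint32_t *blocksize)
{
    if (log_block_size > MAX_BLOCK_BITS - BASE_BLOCK_BITS)
        return -EINVAL;
    *blocksize = (uint32_t)1 << (BASE_BLOCK_BITS + log_block_size);
    return 0;
}

int main(void)
{
    /* Constructed sample values; 38973 is the exponent from the report. */
    const uint32_t samples[] = { 0, 2, 6, 7, 38973 };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t bs = 0;
        int rc = get_blocksize(samples[i], &bs);

        if (rc)
            printf("s_log_block_size=%u rejected (rc=%d)\n",
                   (unsigned)samples[i], rc);
        else
            printf("s_log_block_size=%u -> %u bytes\n",
                   (unsigned)samples[i], (unsigned)bs);
    }
    return 0;
}
```

A caller would refuse the mount on -EINVAL instead of continuing with a block size derived from the corrupted field.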

