CVE-2022-50869
Slab-Out-of-Bounds Vulnerability in Linux Kernel NTFS3 Driver
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a slab-out-of-bounds error in the Linux kernel's NTFS3 filesystem driver. When the system's PAGE_SIZE is 64K, a function called read_log_page is called by log_read_rst for the first time, and the buffer size is set to 4K (DefaultLogPageSize). However, if operations like memcpy try to copy more than 4K (up to 64K), it causes an out-of-bounds memory access, potentially leading to memory corruption or crashes. The issue is fixed by setting the variable r_page to NULL in log_read_rst to prevent this error.
How can this vulnerability impact me? :
This vulnerability can lead to out-of-bounds memory access in the Linux kernel when handling NTFS filesystem logs, which may cause system instability, crashes, or potential memory corruption. Such issues could be exploited to cause denial of service or potentially escalate privileges depending on the context.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch that fixes the slab-out-of-bounds vulnerability in the Linux kernel's ntfs3 filesystem driver by setting the variable r_page to NULL in log_read_rst. This will prevent the out-of-bound memory access when PAGE_SIZE is 64K.