cve-2022-49762
Vulnerability from cvelistv5
Published
2025-05-01 14:09
Modified
2025-05-01 14:09
Severity ?
EPSS score ?
Summary
ntfs: check overflow when iterating ATTR_RECORDs
References
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ntfs/attrib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5559eb5809353a83a40a1e4e7f066431c7b83020",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "86f36de14dce5802856bb7a5921d74439db00b64",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "45683723f6b53e39e8a4cec0894e61fd6ec71989",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b612f924f296408d7d02fb4cd01218afd4ed7184",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "957732a09c3828267c2819d31c425aa793dd475b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b63ddb3ba61e2d3539f87e095c881e552bc45dab",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "785b2af9654b8beac55644e36da0085c5d776361",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "63095f4f3af59322bea984a6ae44337439348fe0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ntfs/attrib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.334",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.267",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.156",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs: check overflow when iterating ATTR_RECORDs\n\nKernel iterates over ATTR_RECORDs in mft record in ntfs_attr_find(). \nBecause the ATTR_RECORDs are next to each other, kernel can get the next\nATTR_RECORD from end address of current ATTR_RECORD, through current\nATTR_RECORD length field.\n\nThe problem is that during iteration, when kernel calculates the end\naddress of current ATTR_RECORD, kernel may trigger an integer overflow bug\nin executing `a = (ATTR_RECORD*)((u8*)a + le32_to_cpu(a-\u003elength))`. This\nmay wrap, leading to a forever iteration on 32bit systems.\n\nThis patch solves it by adding some checks on calculating end address\nof current ATTR_RECORD during iteration."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T14:09:02.952Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5559eb5809353a83a40a1e4e7f066431c7b83020"
},
{
"url": "https://git.kernel.org/stable/c/86f36de14dce5802856bb7a5921d74439db00b64"
},
{
"url": "https://git.kernel.org/stable/c/45683723f6b53e39e8a4cec0894e61fd6ec71989"
},
{
"url": "https://git.kernel.org/stable/c/b612f924f296408d7d02fb4cd01218afd4ed7184"
},
{
"url": "https://git.kernel.org/stable/c/957732a09c3828267c2819d31c425aa793dd475b"
},
{
"url": "https://git.kernel.org/stable/c/b63ddb3ba61e2d3539f87e095c881e552bc45dab"
},
{
"url": "https://git.kernel.org/stable/c/785b2af9654b8beac55644e36da0085c5d776361"
},
{
"url": "https://git.kernel.org/stable/c/63095f4f3af59322bea984a6ae44337439348fe0"
}
],
"title": "ntfs: check overflow when iterating ATTR_RECORDs",
"x_generator": {
"engine": "bippy-1.1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49762",
"datePublished": "2025-05-01T14:09:02.952Z",
"dateReserved": "2025-03-27T16:39:17.990Z",
"dateUpdated": "2025-05-01T14:09:02.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-49762\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-05-01T15:15:58.933\",\"lastModified\":\"2025-05-02T13:53:20.943\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nntfs: check overflow when iterating ATTR_RECORDs\\n\\nKernel iterates over ATTR_RECORDs in mft record in ntfs_attr_find(). \\nBecause the ATTR_RECORDs are next to each other, kernel can get the next\\nATTR_RECORD from end address of current ATTR_RECORD, through current\\nATTR_RECORD length field.\\n\\nThe problem is that during iteration, when kernel calculates the end\\naddress of current ATTR_RECORD, kernel may trigger an integer overflow bug\\nin executing `a = (ATTR_RECORD*)((u8*)a + le32_to_cpu(a-\u003elength))`. This\\nmay wrap, leading to a forever iteration on 32bit systems.\\n\\nThis patch solves it by adding some checks on calculating end address\\nof current ATTR_RECORD during iteration.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ntfs: desbordamiento de comprobaci\u00f3n al iterar ATTR_RECORDs El kernel itera sobre los ATTR_RECORD en el registro mft en ntfs_attr_find(). Debido a que los ATTR_RECORD est\u00e1n uno al lado del otro, el kernel puede obtener el siguiente ATTR_RECORD desde la direcci\u00f3n final del ATTR_RECORD actual, a trav\u00e9s del campo de longitud del ATTR_RECORD actual. El problema es que durante la iteraci\u00f3n, cuando el kernel calcula la direcci\u00f3n final del ATTR_RECORD actual, el kernel puede desencadenar un error de desbordamiento de enteros al ejecutar `a = (ATTR_RECORD*)((u8*)a + le32_to_cpu(a-\u0026gt;length))`. Esto puede envolverse, lo que lleva a una iteraci\u00f3n eterna en sistemas de 32 bits. Este parche lo resuelve a\u00f1adiendo algunas comprobaciones en el c\u00e1lculo de la direcci\u00f3n final del ATTR_RECORD actual durante la iteraci\u00f3n.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/45683723f6b53e39e8a4cec0894e61fd6ec71989\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5559eb5809353a83a40a1e4e7f066431c7b83020\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/63095f4f3af59322bea984a6ae44337439348fe0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/785b2af9654b8beac55644e36da0085c5d776361\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/86f36de14dce5802856bb7a5921d74439db00b64\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/957732a09c3828267c2819d31c425aa793dd475b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b612f924f296408d7d02fb4cd01218afd4ed7184\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b63ddb3ba61e2d3539f87e095c881e552bc45dab\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.