Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-9rf3-hx86-5f4p

Опубликовано: 24 дек. 2025
Источник: github
Github: Не прошло ревью

Описание

In the Linux kernel, the following vulnerability has been resolved:

erofs: validate the extent length for uncompressed pclusters

syzkaller reported a KASAN use-after-free: https://syzkaller.appspot.com/bug?extid=2ae90e873e97f1faf6f2

The referenced fuzzed image actually has two issues:

  • m_pa == 0 as a non-inlined pcluster;
  • The logical length is longer than its physical length.

The first issue has already been addressed. This patch addresses the second issue by checking the extent length validity.

In the Linux kernel, the following vulnerability has been resolved:

erofs: validate the extent length for uncompressed pclusters

syzkaller reported a KASAN use-after-free: https://syzkaller.appspot.com/bug?extid=2ae90e873e97f1faf6f2

The referenced fuzzed image actually has two issues:

  • m_pa == 0 as a non-inlined pcluster;
  • The logical length is longer than its physical length.

The first issue has already been addressed. This patch addresses the second issue by checking the extent length validity.

Ссылки

EPSS

Процентиль: 5%
0.00022
Низкий

CVE ID

CVE-2022-50746

Связанные уязвимости

ubuntu логотип

CVE-2022-50746

ubuntu
около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: erofs: validate the extent length for uncompressed pclusters syzkaller reported a KASAN use-after-free: https://syzkaller.appspot.com/bug?extid=2ae90e873e97f1faf6f2 The referenced fuzzed image actually has two issues: - m_pa == 0 as a non-inlined pcluster; - The logical length is longer than its physical length. The first issue has already been addressed. This patch addresses the second issue by checking the extent length validity.

nvd логотип

CVE-2022-50746

nvd
около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: erofs: validate the extent length for uncompressed pclusters syzkaller reported a KASAN use-after-free: https://syzkaller.appspot.com/bug?extid=2ae90e873e97f1faf6f2 The referenced fuzzed image actually has two issues: - m_pa == 0 as a non-inlined pcluster; - The logical length is longer than its physical length. The first issue has already been addressed. This patch addresses the second issue by checking the extent length validity.

debian логотип

CVE-2022-50746

debian
около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: e ...

EPSS

Процентиль: 5%
0.00022
Низкий

CVE ID

CVE-2022-50746