Vulnerability Description
An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.15, < 5.15.121 |
| Netapp | H300S | - |
| Netapp | H410C | - |
| Netapp | H410S | - |
| Netapp | H500S | - |
| Netapp | H700S | - |
Related Weaknesses (CWE)
References
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2Release Notes
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0eMailing ListPatch
- https://security.netapp.com/advisory/ntap-20230703-0004/Third Party AdvisoryVDB Entry
- https://syzkaller.appspot.com/bug?extid=8778f030156c6cd16d72ExploitThird Party Advisory
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2Release Notes
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0eMailing ListPatch
- https://security.netapp.com/advisory/ntap-20230703-0004/Third Party AdvisoryVDB Entry
- https://syzkaller.appspot.com/bug?extid=8778f030156c6cd16d72ExploitThird Party Advisory
FAQ
What is CVE-2022-48502?
CVE-2022-48502 is a vulnerability with a CVSS score of 7.1 (HIGH). An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr...
How severe is CVE-2022-48502?
CVE-2022-48502 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-48502?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netapp H300S, Netapp H410C, Netapp H410S, Netapp H500S.