{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-50442", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-09-17T14:53:07.010Z", "datePublished": "2025-10-01T11:42:18.012Z", "dateUpdated": "2025-10-02T07:04:16.226Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-10-02T07:04:16.226Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Validate buffer length while parsing index\n\nindx_read is called when we have some NTFS directory operations that\nneed more information from the index buffers. This adds a sanity check\nto make sure the returned index buffer length is legit, or we may have\nsome out-of-bound memory accesses.\n\n[ 560.897595] BUG: KASAN: slab-out-of-bounds in hdr_find_e.isra.0+0x10c/0x320\n[ 560.898321] Read of size 2 at addr ffff888009497238 by task exp/245\n[ 560.898760]\n[ 560.899129] CPU: 0 PID: 245 Comm: exp Not tainted 6.0.0-rc6 #37\n[ 560.899505] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n[ 560.900170] Call Trace:\n[ 560.900407] <TASK>\n[ 560.900732] dump_stack_lvl+0x49/0x63\n[ 560.901108] print_report.cold+0xf5/0x689\n[ 560.901395] ? hdr_find_e.isra.0+0x10c/0x320\n[ 560.901716] kasan_report+0xa7/0x130\n[ 560.901950] ? hdr_find_e.isra.0+0x10c/0x320\n[ 560.902208] __asan_load2+0x68/0x90\n[ 560.902427] hdr_find_e.isra.0+0x10c/0x320\n[ 560.902846] ? cmp_uints+0xe0/0xe0\n[ 560.903363] ? cmp_sdh+0x90/0x90\n[ 560.903883] ? ntfs_bread_run+0x190/0x190\n[ 560.904196] ? rwsem_down_read_slowpath+0x750/0x750\n[ 560.904969] ? ntfs_fix_post_read+0xe0/0x130\n[ 560.905259] ? __kasan_check_write+0x14/0x20\n[ 560.905599] ? up_read+0x1a/0x90\n[ 560.905853] ? indx_read+0x22c/0x380\n[ 560.906096] indx_find+0x2ef/0x470\n[ 560.906352] ? indx_find_buffer+0x2d0/0x2d0\n[ 560.906692] ? __kasan_kmalloc+0x88/0xb0\n[ 560.906977] dir_search_u+0x196/0x2f0\n[ 560.907220] ? ntfs_nls_to_utf16+0x450/0x450\n[ 560.907464] ? __kasan_check_write+0x14/0x20\n[ 560.907747] ? mutex_lock+0x8f/0xe0\n[ 560.907970] ? __mutex_lock_slowpath+0x20/0x20\n[ 560.908214] ? kmem_cache_alloc+0x143/0x4b0\n[ 560.908459] ntfs_lookup+0xe0/0x100\n[ 560.908788] __lookup_slow+0x116/0x220\n[ 560.909050] ? lookup_fast+0x1b0/0x1b0\n[ 560.909309] ? lookup_fast+0x13f/0x1b0\n[ 560.909601] walk_component+0x187/0x230\n[ 560.909944] link_path_walk.part.0+0x3f0/0x660\n[ 560.910285] ? handle_lookup_down+0x90/0x90\n[ 560.910618] ? path_init+0x642/0x6e0\n[ 560.911084] ? percpu_counter_add_batch+0x6e/0xf0\n[ 560.912559] ? __alloc_file+0x114/0x170\n[ 560.913008] path_openat+0x19c/0x1d10\n[ 560.913419] ? getname_flags+0x73/0x2b0\n[ 560.913815] ? kasan_save_stack+0x3a/0x50\n[ 560.914125] ? kasan_save_stack+0x26/0x50\n[ 560.914542] ? __kasan_slab_alloc+0x6d/0x90\n[ 560.914924] ? kmem_cache_alloc+0x143/0x4b0\n[ 560.915339] ? getname_flags+0x73/0x2b0\n[ 560.915647] ? getname+0x12/0x20\n[ 560.916114] ? __x64_sys_open+0x4c/0x60\n[ 560.916460] ? path_lookupat.isra.0+0x230/0x230\n[ 560.916867] ? __isolate_free_page+0x2e0/0x2e0\n[ 560.917194] do_filp_open+0x15c/0x1f0\n[ 560.917448] ? may_open_dev+0x60/0x60\n[ 560.917696] ? expand_files+0xa4/0x3a0\n[ 560.917923] ? __kasan_check_write+0x14/0x20\n[ 560.918185] ? _raw_spin_lock+0x88/0xdb\n[ 560.918409] ? _raw_spin_lock_irqsave+0x100/0x100\n[ 560.918783] ? _find_next_bit+0x4a/0x130\n[ 560.919026] ? _raw_spin_unlock+0x19/0x40\n[ 560.919276] ? alloc_fd+0x14b/0x2d0\n[ 560.919635] do_sys_openat2+0x32a/0x4b0\n[ 560.920035] ? file_open_root+0x230/0x230\n[ 560.920336] ? __rcu_read_unlock+0x5b/0x280\n[ 560.920813] do_sys_open+0x99/0xf0\n[ 560.921208] ? filp_open+0x60/0x60\n[ 560.921482] ? exit_to_user_mode_prepare+0x49/0x180\n[ 560.921867] __x64_sys_open+0x4c/0x60\n[ 560.922128] do_syscall_64+0x3b/0x90\n[ 560.922369] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[ 560.923030] RIP: 0033:0x7f7dff2e4469\n[ 560.923681] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 088\n[ 560.924451] RSP: 002b:00007ffd41a210b8 EFLAGS: 00000206 ORIG_RAX: 0000000000000002\n[ 560.925168] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7dff2e4469\n[ 560.925655] RDX: 0000000000000000 RSI: 0000000000000002 RDI:\n---truncated---"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ntfs3/index.c"], "versions": [{"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e", "lessThan": "3cd9e5b41b83bb57ac3cf9888f9fef2a6ef8ed96", "status": "affected", "versionType": "git"}, {"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e", "lessThan": "b15374365c9d10445ea7d66cdf885457a0223fc2", "status": "affected", "versionType": "git"}, {"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e", "lessThan": "3f6f75e8863f41c8b3dbfd9d99e3963aaca42601", "status": "affected", "versionType": "git"}, {"version": "4534a70b7056fd4b9a1c6db5a4ce3c98546b291e", "lessThan": "4d42ecda239cc13738d6fd84d098a32e67b368b9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ntfs3/index.c"], "versions": [{"version": "5.15", "status": "affected"}, {"version": "0", "lessThan": "5.15", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.87", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.17", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.3", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "5.15.87"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.0.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.1.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/3cd9e5b41b83bb57ac3cf9888f9fef2a6ef8ed96"}, {"url": "https://git.kernel.org/stable/c/b15374365c9d10445ea7d66cdf885457a0223fc2"}, {"url": "https://git.kernel.org/stable/c/3f6f75e8863f41c8b3dbfd9d99e3963aaca42601"}, {"url": "https://git.kernel.org/stable/c/4d42ecda239cc13738d6fd84d098a32e67b368b9"}], "title": "fs/ntfs3: Validate buffer length while parsing index", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF34DC7D-4D5D-4D9C-B1B4-FAE010E910F2", "versionEndExcluding": "5.15.87", "versionStartIncluding": "5.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "05B2AE8A-556C-47C1-9119-DBAC5EB60947", "versionEndExcluding": "6.0.17", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "70594F60-3413-4969-AFD7-965266760EA6", "versionEndExcluding": "6.1.3", "versionStartIncluding": "6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Validate buffer length while parsing index\n\nindx_read is called when we have some NTFS directory operations that\nneed more information from the index buffers. This adds a sanity check\nto make sure the returned index buffer length is legit, or we may have\nsome out-of-bound memory accesses.\n\n[ 560.897595] BUG: KASAN: slab-out-of-bounds in hdr_find_e.isra.0+0x10c/0x320\n[ 560.898321] Read of size 2 at addr ffff888009497238 by task exp/245\n[ 560.898760]\n[ 560.899129] CPU: 0 PID: 245 Comm: exp Not tainted 6.0.0-rc6 #37\n[ 560.899505] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n[ 560.900170] Call Trace:\n[ 560.900407] <TASK>\n[ 560.900732] dump_stack_lvl+0x49/0x63\n[ 560.901108] print_report.cold+0xf5/0x689\n[ 560.901395] ? hdr_find_e.isra.0+0x10c/0x320\n[ 560.901716] kasan_report+0xa7/0x130\n[ 560.901950] ? hdr_find_e.isra.0+0x10c/0x320\n[ 560.902208] __asan_load2+0x68/0x90\n[ 560.902427] hdr_find_e.isra.0+0x10c/0x320\n[ 560.902846] ? cmp_uints+0xe0/0xe0\n[ 560.903363] ? cmp_sdh+0x90/0x90\n[ 560.903883] ? ntfs_bread_run+0x190/0x190\n[ 560.904196] ? rwsem_down_read_slowpath+0x750/0x750\n[ 560.904969] ? ntfs_fix_post_read+0xe0/0x130\n[ 560.905259] ? __kasan_check_write+0x14/0x20\n[ 560.905599] ? up_read+0x1a/0x90\n[ 560.905853] ? indx_read+0x22c/0x380\n[ 560.906096] indx_find+0x2ef/0x470\n[ 560.906352] ? indx_find_buffer+0x2d0/0x2d0\n[ 560.906692] ? __kasan_kmalloc+0x88/0xb0\n[ 560.906977] dir_search_u+0x196/0x2f0\n[ 560.907220] ? ntfs_nls_to_utf16+0x450/0x450\n[ 560.907464] ? __kasan_check_write+0x14/0x20\n[ 560.907747] ? mutex_lock+0x8f/0xe0\n[ 560.907970] ? __mutex_lock_slowpath+0x20/0x20\n[ 560.908214] ? kmem_cache_alloc+0x143/0x4b0\n[ 560.908459] ntfs_lookup+0xe0/0x100\n[ 560.908788] __lookup_slow+0x116/0x220\n[ 560.909050] ? lookup_fast+0x1b0/0x1b0\n[ 560.909309] ? lookup_fast+0x13f/0x1b0\n[ 560.909601] walk_component+0x187/0x230\n[ 560.909944] link_path_walk.part.0+0x3f0/0x660\n[ 560.910285] ? handle_lookup_down+0x90/0x90\n[ 560.910618] ? path_init+0x642/0x6e0\n[ 560.911084] ? percpu_counter_add_batch+0x6e/0xf0\n[ 560.912559] ? __alloc_file+0x114/0x170\n[ 560.913008] path_openat+0x19c/0x1d10\n[ 560.913419] ? getname_flags+0x73/0x2b0\n[ 560.913815] ? kasan_save_stack+0x3a/0x50\n[ 560.914125] ? kasan_save_stack+0x26/0x50\n[ 560.914542] ? __kasan_slab_alloc+0x6d/0x90\n[ 560.914924] ? kmem_cache_alloc+0x143/0x4b0\n[ 560.915339] ? getname_flags+0x73/0x2b0\n[ 560.915647] ? getname+0x12/0x20\n[ 560.916114] ? __x64_sys_open+0x4c/0x60\n[ 560.916460] ? path_lookupat.isra.0+0x230/0x230\n[ 560.916867] ? __isolate_free_page+0x2e0/0x2e0\n[ 560.917194] do_filp_open+0x15c/0x1f0\n[ 560.917448] ? may_open_dev+0x60/0x60\n[ 560.917696] ? expand_files+0xa4/0x3a0\n[ 560.917923] ? __kasan_check_write+0x14/0x20\n[ 560.918185] ? _raw_spin_lock+0x88/0xdb\n[ 560.918409] ? _raw_spin_lock_irqsave+0x100/0x100\n[ 560.918783] ? _find_next_bit+0x4a/0x130\n[ 560.919026] ? _raw_spin_unlock+0x19/0x40\n[ 560.919276] ? alloc_fd+0x14b/0x2d0\n[ 560.919635] do_sys_openat2+0x32a/0x4b0\n[ 560.920035] ? file_open_root+0x230/0x230\n[ 560.920336] ? __rcu_read_unlock+0x5b/0x280\n[ 560.920813] do_sys_open+0x99/0xf0\n[ 560.921208] ? filp_open+0x60/0x60\n[ 560.921482] ? exit_to_user_mode_prepare+0x49/0x180\n[ 560.921867] __x64_sys_open+0x4c/0x60\n[ 560.922128] do_syscall_64+0x3b/0x90\n[ 560.922369] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[ 560.923030] RIP: 0033:0x7f7dff2e4469\n[ 560.923681] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 088\n[ 560.924451] RSP: 002b:00007ffd41a210b8 EFLAGS: 00000206 ORIG_RAX: 0000000000000002\n[ 560.925168] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7dff2e4469\n[ 560.925655] RDX: 0000000000000000 RSI: 0000000000000002 RDI:\n---truncated---"}], "id": "CVE-2022-50442", "lastModified": "2026-01-20T15:58:51.973", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-10-01T12:15:36.433", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3cd9e5b41b83bb57ac3cf9888f9fef2a6ef8ed96"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3f6f75e8863f41c8b3dbfd9d99e3963aaca42601"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4d42ecda239cc13738d6fd84d098a32e67b368b9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b15374365c9d10445ea7d66cdf885457a0223fc2"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: fs/ntfs3: Validate buffer length while parsing index", "id": "2400799", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2400799"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2022-50442", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:rhivos:1", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat In-Vehicle Operating System 1"}], "public_date": "2025-10-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-50442\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50442\nhttps://lore.kernel.org/linux-cve-announce/2025100101-CVE-2022-50442-c0fe@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-10-02T08:39:48.644860+00:00", "updated": "2025-10-02T08:39:48.644913+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}