admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-495xx/CVE-2022-49560.json
cad-safe-bot a62ee174e8 Auto-Update: 2025-03-10T23:00:19.793525+00:00
2025-03-10 23:03:48 +00:00

131 lines
6.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-49560",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:01:31.780",
"lastModified": "2025-03-10T21:25:29.677",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: check if cluster num is valid\n\nSyzbot reported slab-out-of-bounds read in exfat_clear_bitmap.\nThis was triggered by reproducer calling truncute with size 0,\nwhich causes the following trace:\n\nBUG: KASAN: slab-out-of-bounds in exfat_clear_bitmap+0x147/0x490 fs/exfat/balloc.c:174\nRead of size 8 at addr ffff888115aa9508 by task syz-executor251/365\n\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack_lvl+0x1e2/0x24b lib/dump_stack.c:118\n print_address_description+0x81/0x3c0 mm/kasan/report.c:233\n __kasan_report mm/kasan/report.c:419 [inline]\n kasan_report+0x1a4/0x1f0 mm/kasan/report.c:436\n __asan_report_load8_noabort+0x14/0x20 mm/kasan/report_generic.c:309\n exfat_clear_bitmap+0x147/0x490 fs/exfat/balloc.c:174\n exfat_free_cluster+0x25a/0x4a0 fs/exfat/fatent.c:181\n __exfat_truncate+0x99e/0xe00 fs/exfat/file.c:217\n exfat_truncate+0x11b/0x4f0 fs/exfat/file.c:243\n exfat_setattr+0xa03/0xd40 fs/exfat/file.c:339\n notify_change+0xb76/0xe10 fs/attr.c:336\n do_truncate+0x1ea/0x2d0 fs/open.c:65\n\nMove the is_valid_cluster() helper from fatent.c to a common\nheader to make it reusable in other *.c files. And add is_valid_cluster()\nto validate if cluster number is within valid range in exfat_clear_bitmap()\nand exfat_set_bitmap()."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: exfat: comprobar si el n\u00famero de cl\u00faster es v\u00e1lido Syzbot inform\u00f3 una lectura de slab fuera de los l\u00edmites en exfat_clear_bitmap. Esto fue provocado por el reproductor que llama a truncute con tama\u00f1o 0, lo que provoca el siguiente seguimiento: ERROR: KASAN: slab-out-of-bounds in exfat_clear_bitmap+0x147/0x490 fs/exfat/balloc.c:174 Read of size 8 at addr ffff888115aa9508 by task syz-executor251/365 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack_lvl+0x1e2/0x24b lib/dump_stack.c:118 print_address_description+0x81/0x3c0 mm/kasan/report.c:233 __kasan_report mm/kasan/report.c:419 [inline] kasan_report+0x1a4/0x1f0 mm/kasan/report.c:436 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report_generic.c:309 exfat_clear_bitmap+0x147/0x490 fs/exfat/balloc.c:174 exfat_free_cluster+0x25a/0x4a0 fs/exfat/fatent.c:181 __exfat_truncate+0x99e/0xe00 fs/exfat/file.c:217 exfat_truncate+0x11b/0x4f0 fs/exfat/file.c:243 exfat_setattr+0xa03/0xd40 fs/exfat/file.c:339 notify_change+0xb76/0xe10 fs/attr.c:336 do_truncate+0x1ea/0x2d0 fs/open.c:65 Move the is_valid_cluster() helper from fatent.c to a common header to make it reusable in other *.c files. And add is_valid_cluster() to validate if cluster number is within valid range in exfat_clear_bitmap() and exfat_set_bitmap(). "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.7",
"versionEndExcluding": "5.10.120",
"matchCriteriaId": "78702CD4-AEE5-45F6-90C7-1EB25AF09D08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.45",
"matchCriteriaId": "08D699AD-F4CE-4BDD-A97E-4997299C7712"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.17.13",
"matchCriteriaId": "192FC54B-5367-49D6-B410-0285F14665B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.18",
"versionEndExcluding": "5.18.2",
"matchCriteriaId": "9FF255A1-64F4-4E31-AF44-C92FB8773BA2"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/2193286402df2d9c53294f7a858d5e6fd7346e08",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/64ba4b15e5c045f8b746c6da5fc9be9a6b00b61d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7c58b14b6f9cde9f69e7fa053ab73f6e013a7131",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/82f723b8a5adf497f9e34c702a30ca7298615654",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c504167adc3248095a905fa0700a9693897cb5ed",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink