CVE-2022-49464
Essential information
- Published
- 26/02/2025 07:01
- Modified
- 27/02/2025 19:15
- Author
- —
- Creator
- —
- CVSS
- 7.8 HIGH (v3.1)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H—
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- LOCAL
- Attack complexity
- LOW
- Privileges required
- LOW
- User interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality impact
- HIGH
- Integrity impact
- HIGH
- Availability impact
- HIGH
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Attack requirements
- —
- Privileges required
- —
- User interaction
- —
- Confidentiality (V)
- —
- Confidentiality (S)
- —
- Integrity (V)
- —
- Integrity (S)
- —
- Availability (V)
- —
- Availability (S)
- —
- Exploit maturity
- —
Description
In the Linux kernel, the following vulnerability has been resolved:
erofs: fix buffer copy overflow of ztailpacking feature
I got some KASAN report as below:
[ 46.959738] ==================================================================
[ 46.960430] BUG: KASAN: use-after-free in z_erofs_shifted_transform+0x2bd/0x370
[ 46.960430] Read of size 4074 at addr ffff8880300c2f8e by task fssum/188
...
[ 46.960430] Call Trace:
[ 46.960430] <TASK>
[ 46.960430] dump_stack_lvl+0x41/0x5e
[ 46.960430] print_report.cold+0xb2/0x6b7
[ 46.960430] ? z_erofs_shifted_transform+0x2bd/0x370
[ 46.960430] kasan_report+0x8a/0x140
[ 46.960430] ? z_erofs_shifted_transform+0x2bd/0x370
[ 46.960430] kasan_check_range+0x14d/0x1d0
[ 46.960430] memcpy+0x20/0x60
[ 46.960430] z_erofs_shifted_transform+0x2bd/0x370
[ 46.960430] z_erofs_decompress_pcluster+0xaae/0x1080
The root cause is that the tail pcluster won't be a complete filesystem
block anymore. So if ztailpacking is used, the second part of an
uncompressed tail pcluster may not be ``rq->pageofs_out``.
NVD status
- Status
- Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD
- View on NVD