| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025122455-CVE-2022-50762-282c@gregkh> Date: Wed, 24 Dec 2025 14:06:13 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50762: fs/ntfs3: Avoid UBSAN error on true_sectors_per_clst() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Avoid UBSAN error on true_sectors_per_clst() syzbot reported UBSAN error as below: [ 76.901829][ T6677] ================================================================================ [ 76.903908][ T6677] UBSAN: shift-out-of-bounds in fs/ntfs3/super.c:675:13 [ 76.905363][ T6677] shift exponent -247 is negative This patch avoid this error. The Linux kernel CVE team has assigned CVE-2022-50762 to this issue. Affected and fixed versions =========================== Issue introduced in 5.15.45 with commit 58cf68a1886d14ffdc5c892ce483a82156769e88 and fixed in 5.15.86 with commit 4b51f27d4448c84957bce190292f75d4896d56b3 Issue introduced in 5.19 with commit a3b774342fa752a5290c0de36375289dfcf4a260 and fixed in 6.0.16 with commit 8fe280ae85177c2323ae8c9849ff27a3a6b69506 Issue introduced in 5.19 with commit a3b774342fa752a5290c0de36375289dfcf4a260 and fixed in 6.1.2 with commit 95afb464c86c6e9e95ea9e595282fa6f693072e8 Issue introduced in 5.19 with commit a3b774342fa752a5290c0de36375289dfcf4a260 and fixed in 6.2 with commit caad9dd8792a2622737b7273cb34835fd9536cd2 Issue introduced in 5.17.13 with commit 4746c49b11b2403f5b5b07c6eac9e60663dcd9a3 Issue introduced in 5.18.2 with commit a2b6986316a2d106f6951e76db70fa4b2fde64a9 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50762 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/ntfs3/super.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/4b51f27d4448c84957bce190292f75d4896d56b3 https://git.kernel.org/stable/c/8fe280ae85177c2323ae8c9849ff27a3a6b69506 https://git.kernel.org/stable/c/95afb464c86c6e9e95ea9e595282fa6f693072e8 https://git.kernel.org/stable/c/caad9dd8792a2622737b7273cb34835fd9536cd2
Powered by blists - more mailing lists