CVE-2022-49553

26.02.2025, 07:01

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: validate BOOT sectors_per_clusters

When the NTFS BOOT sectors_per_clusters field is > 0x80, it represents a
shift value.  Make sure that the shift value is not too large before using
it (NTFS max cluster size is 2MB).  Return -EVINVAL if it too large.

This prevents negative shift values and shift values that are larger than
the field size.

Prevents this UBSAN error:

 UBSAN: shift-out-of-bounds in ../fs/ntfs3/super.c:673:16
 shift exponent -192 is negative

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Linux	CNA	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 9%

Vendor	Product	Version
linux	linux_kernel	5.15 ≤ 𝑥 < 5.15.45
linux	linux_kernel	5.16 ≤ 𝑥 < 5.17.13
linux	linux_kernel	5.18 ≤ 𝑥 < 5.18.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bullseye (security)	5.10.234-1 fixed
bookworm	6.1.123-1 fixed
bookworm (security)	6.1.128-1 fixed
trixie	6.12.12-1 fixed
sid	6.12.16-1 fixed

Common Weakness Enumeration

CWE-190 - Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

References

https://git.kernel.org/stable/c/4746c49b11b2403f5b5b07c6eac9e60663dcd9a3

https://git.kernel.org/stable/c/58cf68a1886d14ffdc5c892ce483a82156769e88

https://git.kernel.org/stable/c/a2b6986316a2d106f6951e76db70fa4b2fde64a9

https://git.kernel.org/stable/c/a3b774342fa752a5290c0de36375289dfcf4a260