CVE-2022-48502

Advisory lineage Upstream: 0 Downstream: 8
Modified
Published: 31 May 2023, 00:00
Last modified:03 Aug 2024, 15:17

Vulnerability Summary

Overall Risk (default)
medium
38/100
CVSS Score
7.1 HIGH
v3.1 (nvd)
EPSS Score
0.01% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected

Timeline

31 May 2023, 00:00
Published
Vulnerability first disclosed
03 Aug 2024, 15:17
Last Modified
Vulnerability information updated

Description

An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c.

CVSS Metrics

  • v3.1HIGHScore: 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS Trends

Current EPSS score: 0.01% Percentile: 2%

Techniques & Countermeasures

  • CWE-125Out-of-bounds Read

    The product reads data past the end, or before the beginning, of the intended buffer.

Affected Systems

  • linuxlinux_kernel

    ≥ 5.15, < 5.15.121 | ≥ 5.16, < 6.1.40

  • netapph300s_firmware

    na

  • netapph410c_firmware

    na

  • netapph410s_firmware

    na

  • netapph500s_firmware

    na

  • netapph700s_firmware

    na

References (4)