UBUNTU-CVE-2022-48502
Vulnerability Summary
Description
An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c.
CVSS Metrics
- v3.1•HIGH•Score: 7.1•Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Affected Systems
- ubuntu•linux: < 5.15.0-79.86
- ubuntu•linux-allwinner-5.19: all
- ubuntu•linux-aws: < 5.15.0-1042.47
- ubuntu•linux-aws-5.0: all
- ubuntu•linux-aws-5.11: all
- ubuntu•linux-aws-5.13: all
- ubuntu•linux-aws-5.15: < 5.15.0-1041.46~20.04.1
- ubuntu•linux-aws-5.19: < 5.19.0-1029.30~22.04.1
- ubuntu•linux-aws-5.3: all
- ubuntu•linux-aws-5.8: all
- ubuntu•linux-azure: all | < 5.15.0-1045.52
- ubuntu•linux-azure-5.11: all
- ubuntu•linux-azure-5.13: all
- ubuntu•linux-azure-5.15: < 5.15.0-1045.52~20.04.1
- ubuntu•linux-azure-5.19: all
- ubuntu•linux-azure-5.3: all
- ubuntu•linux-azure-5.8: all
- ubuntu•linux-azure-edge: all
- ubuntu•linux-azure-fde: < 5.15.0-1044.51.1
- ubuntu•linux-azure-fde-5.19: all
- ubuntu•linux-bluefield: < 5.15.0-1022.24 | < 5.15.0-1022.24 | all
- ubuntu•linux-fips: all
- ubuntu•linux-gcp: all | < 5.15.0-1039.47
- ubuntu•linux-gcp-5.11: all
- ubuntu•linux-gcp-5.13: all
- ubuntu•linux-gcp-5.15: < 5.15.0-1039.47~20.04.1
- ubuntu•linux-gcp-5.19: < 5.19.0-1030.32~22.04.1
- ubuntu•linux-gcp-5.3: all
- ubuntu•linux-gcp-5.8: all
- ubuntu•linux-gke: < 5.15.0-1039.44
- ubuntu•linux-gke-4.15: all
- ubuntu•linux-gke-5.15: < 5.15.0-1039.44~20.04.1
- ubuntu•linux-gke-5.4: all
- ubuntu•linux-gkeop: < 5.15.0-1025.30
- ubuntu•linux-gkeop-5.15: < 5.15.0-1025.30~20.04.1
- ubuntu•linux-gkeop-5.4: all
- ubuntu•linux-hwe: all
- ubuntu•linux-hwe-5.11: all
- ubuntu•linux-hwe-5.13: all
- ubuntu•linux-hwe-5.15: < 5.15.0-79.86~20.04.2
- ubuntu•linux-hwe-5.19: < 5.19.0-50.50
- ubuntu•linux-hwe-5.8: all
- ubuntu•linux-hwe-edge: all
- ubuntu•linux-ibm: < 5.15.0-1035.38
- ubuntu•linux-ibm-5.15: < 5.15.0-1036.39~20.04.1
- ubuntu•linux-intel-5.13: all
- ubuntu•linux-intel-iot-realtime: < 5.15.0-1036.38 | < 5.15.0-1036.38
- ubuntu•linux-intel-iotg: < 5.15.0-1037.42
- ubuntu•linux-intel-iotg-5.15: < 5.15.0-1037.42~20.04.1
- ubuntu•linux-kvm: < 5.15.0-1039.44
Showing first 50 affected entries in server-rendered view.
References (12)
- https://ubuntu.com/security/CVE-2022-48502
- https://git.kernel.org/linus/0e8235d28f3a0e9eda9f02ff67ee566d5f42b66b
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0e8235d28f3a0e9eda9f02ff67ee566d5f42b66b
- https://syzkaller.appspot.com/bug?extid=8778f030156c6cd16d72
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2
- https://ubuntu.com/security/notices/USN-6260-1
- https://ubuntu.com/security/notices/USN-6285-1
- https://ubuntu.com/security/notices/USN-6300-1
- https://ubuntu.com/security/notices/USN-6311-1
- https://ubuntu.com/security/notices/USN-6332-1
- https://ubuntu.com/security/notices/USN-6347-1
- https://www.cve.org/CVERecord?id=CVE-2022-48502