In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: validate BOOT sectors_per_clusters
When the NTFS BOOT sectors_per_clusters field is > 0x80, it represents a shift value. Make sure that the shift value is not too large before using it (NTFS max cluster size is 2MB). Return -EINVAL if it is too large.
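This prevents negative shift values and shift values that are larger than the field size. Because the field is read from the volume's boot sector, a malformed or corrupted volume could otherwise supply such a value.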
Prevents this UBSAN error:
UBSAN: shift-out-of-bounds in ../fs/ntfs3/super.c:673:16 shift exponent -192 is negative
[
{
"id": "CVE-2022-49553-1862a19d",
"target": {
"file": "fs/ntfs3/super.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4746c49b11b2403f5b5b07c6eac9e60663dcd9a3",
"deprecated": false,
"digest": {
"line_hashes": [
"265157899067650716235379675888929193445",
"290012992783940425152835655344813690517",
"306881552964913348344325203185917568657",
"293076446283029944379534168819847268582",
"266375634319637378582575114365546804194",
"330327530519015976946706805718938607569",
"39257888919054408382404198954474903659",
"237384376028334654273711469133389200041",
"74178366408248133620786629962716156736",
"263434213283740353418859357557123028225"
],
"threshold": 0.9
},
"signature_type": "Line"
},
{
"id": "CVE-2022-49553-49e5a03f",
"target": {
"function": "true_sectors_per_clst",
"file": "fs/ntfs3/super.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a3b774342fa752a5290c0de36375289dfcf4a260",
"deprecated": false,
"digest": {
"length": 178.0,
"function_hash": "228097963235038941323234832904099603915"
},
"signature_type": "Function"
},
{
"id": "CVE-2022-49553-4d79e311",
"target": {
"file": "fs/ntfs3/super.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a3b774342fa752a5290c0de36375289dfcf4a260",
"deprecated": false,
"digest": {
"line_hashes": [
"265157899067650716235379675888929193445",
"290012992783940425152835655344813690517",
"306881552964913348344325203185917568657",
"293076446283029944379534168819847268582",
"266375634319637378582575114365546804194",
"330327530519015976946706805718938607569",
"39257888919054408382404198954474903659",
"237384376028334654273711469133389200041",
"74178366408248133620786629962716156736",
"263434213283740353418859357557123028225"
],
"threshold": 0.9
},
"signature_type": "Line"
},
{
"id": "CVE-2022-49553-5b521b41",
"target": {
"function": "true_sectors_per_clst",
"file": "fs/ntfs3/super.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a2b6986316a2d106f6951e76db70fa4b2fde64a9",
"deprecated": false,
"digest": {
"length": 178.0,
"function_hash": "228097963235038941323234832904099603915"
},
"signature_type": "Function"
},
{
"id": "CVE-2022-49553-671b145e",
"target": {
"file": "fs/ntfs3/super.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@58cf68a1886d14ffdc5c892ce483a82156769e88",
"deprecated": false,
"digest": {
"line_hashes": [
"265157899067650716235379675888929193445",
"290012992783940425152835655344813690517",
"306881552964913348344325203185917568657",
"293076446283029944379534168819847268582",
"266375634319637378582575114365546804194",
"330327530519015976946706805718938607569",
"39257888919054408382404198954474903659",
"237384376028334654273711469133389200041",
"74178366408248133620786629962716156736",
"263434213283740353418859357557123028225"
],
"threshold": 0.9
},
"signature_type": "Line"
},
{
"id": "CVE-2022-49553-76ccbfd2",
"target": {
"function": "ntfs_init_from_boot",
"file": "fs/ntfs3/super.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a3b774342fa752a5290c0de36375289dfcf4a260",
"deprecated": false,
"digest": {
"length": 4469.0,
"function_hash": "289494958195594023356201597396750042839"
},
"signature_type": "Function"
},
{
"id": "CVE-2022-49553-903b6711",
"target": {
"function": "true_sectors_per_clst",
"file": "fs/ntfs3/super.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@58cf68a1886d14ffdc5c892ce483a82156769e88",
"deprecated": false,
"digest": {
"length": 178.0,
"function_hash": "228097963235038941323234832904099603915"
},
"signature_type": "Function"
},
{
"id": "CVE-2022-49553-b1bb5f43",
"target": {
"function": "ntfs_init_from_boot",
"file": "fs/ntfs3/super.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4746c49b11b2403f5b5b07c6eac9e60663dcd9a3",
"deprecated": false,
"digest": {
"length": 4469.0,
"function_hash": "289494958195594023356201597396750042839"
},
"signature_type": "Function"
},
{
"id": "CVE-2022-49553-b33e71b0",
"target": {
"function": "ntfs_init_from_boot",
"file": "fs/ntfs3/super.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@58cf68a1886d14ffdc5c892ce483a82156769e88",
"deprecated": false,
"digest": {
"length": 4469.0,
"function_hash": "289494958195594023356201597396750042839"
},
"signature_type": "Function"
},
{
"id": "CVE-2022-49553-c3841e80",
"target": {
"file": "fs/ntfs3/super.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a2b6986316a2d106f6951e76db70fa4b2fde64a9",
"deprecated": false,
"digest": {
"line_hashes": [
"265157899067650716235379675888929193445",
"290012992783940425152835655344813690517",
"306881552964913348344325203185917568657",
"293076446283029944379534168819847268582",
"266375634319637378582575114365546804194",
"330327530519015976946706805718938607569",
"39257888919054408382404198954474903659",
"237384376028334654273711469133389200041",
"74178366408248133620786629962716156736",
"263434213283740353418859357557123028225"
],
"threshold": 0.9
},
"signature_type": "Line"
},
{
"id": "CVE-2022-49553-d4a53f87",
"target": {
"function": "true_sectors_per_clst",
"file": "fs/ntfs3/super.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4746c49b11b2403f5b5b07c6eac9e60663dcd9a3",
"deprecated": false,
"digest": {
"length": 178.0,
"function_hash": "228097963235038941323234832904099603915"
},
"signature_type": "Function"
},
{
"id": "CVE-2022-49553-e08f36e1",
"target": {
"function": "ntfs_init_from_boot",
"file": "fs/ntfs3/super.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a2b6986316a2d106f6951e76db70fa4b2fde64a9",
"deprecated": false,
"digest": {
"length": 4469.0,
"function_hash": "289494958195594023356201597396750042839"
},
"signature_type": "Function"
}
]