CVE-2022-50313
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-50313
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50313.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-50313
- Downstream
- Published
- 2025-09-15T15:15:43Z
- Modified
- 2025-09-15T21:00:19Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
erofs: fix order >= MAXORDER warning due to crafted negative isize
As syzbot reported [1], the root cause is that isize field is a signed type, and negative isize is also less than EROFS_BLKSIZ. As a consequence, it's handled as fast symlink unexpectedly.
Let's fall back to the generic path to deal with such unusual i_size.
[1] https://lore.kernel.org/r/000000000000ac8efa05e7feaa1f@google.com
- References
-
- https://git.kernel.org/stable/c/0ab621fcdff1a58ff4de51a8590fa92a0ecd34be
- https://git.kernel.org/stable/c/17a0cdbd7b0cf0fc0d7ca4187a67f8f1c18c291f
- https://git.kernel.org/stable/c/1dd73601a1cba37a0ed5f89a8662c90191df5873
- https://git.kernel.org/stable/c/6235fb899b25fd287d5e42635ff82196395708cc
- https://git.kernel.org/stable/c/acc2f40b980c61a9178b72cdedd150b829064997
- https://git.kernel.org/stable/c/b6c8330f5b0f22149957a2e4977fd0f01a9db7cd