DEBIAN-CVE-2022-49762
- Source
- https://security-tracker.debian.org/tracker/CVE-2022-49762
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-49762.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2022-49762
- Upstream
- Published
- 2025-05-01T15:15:58Z
- Modified
- 2025-09-30T05:15:57.936166Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: ntfs: check overflow when iterating ATTRRECORDs Kernel iterates over ATTRRECORDs in mft record in ntfsattrfind(). Because the ATTRRECORDs are next to each other, kernel can get the next ATTRRECORD from end address of current ATTRRECORD, through current ATTRRECORD length field. The problem is that during iteration, when kernel calculates the end address of current ATTRRECORD, kernel may trigger an integer overflow bug in executing
a = (ATTR_RECORD*)((u8*)a + le32_to_cpu(a->length)). This may wrap, leading to a forever iteration on 32bit systems. This patch solves it by adding some checks on calculating end address of current ATTRRECORD during iteration. - References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.158-1
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source