CVE-2022-50057

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-50057
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50057.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-50057
Downstream
Published
2025-06-18T11:02:06Z
Modified
2025-10-16T06:09:52.771206Z
Summary
fs/ntfs3: Fix NULL deref in ntfs_update_mftmirr
Details

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Fix NULL deref in ntfsupdatemftmirr

If ntfsfillsuper() wasn't called then sbi->sb will be equal to NULL. Code should check this ptr before dereferencing. Syzbot hit this issue via passing wrong mount param as can be seen from log below

Fail log: ntfs3: Unknown parameter 'iochvrset' general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] CPU: 1 PID: 3589 Comm: syz-executor210 Not tainted 5.18.0-rc3-syzkaller-00016-gb253435746d9 #0 ... Call Trace: <TASK> putntfs+0x1ed/0x2a0 fs/ntfs3/super.c:463 ntfsfsfree+0x6a/0xe0 fs/ntfs3/super.c:1363 putfscontext+0x119/0x7a0 fs/fscontext.c:469 donewmount+0x2b4/0xad0 fs/namespace.c:3044 domount fs/namespace.c:3383 [inline] _dosysmount fs/namespace.c:3591 [inline]

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
82cae269cfa953032fbb8980a7d554d60fb00b17
Fixed
8e8e1a84dac7a3d2b432162a70d7fb6a75960772
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
82cae269cfa953032fbb8980a7d554d60fb00b17
Fixed
bf6089dc01ba3194ab962105d7b85690843c256f
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
82cae269cfa953032fbb8980a7d554d60fb00b17
Fixed
321460ca3b55f48b3ba6008248264ab2bd6407d9

Affected versions

v5.*

v5.14
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.56
v5.15.57
v5.15.58
v5.15.59
v5.15.6
v5.15.60
v5.15.61
v5.15.62
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.19.1
v5.19.2
v5.19.3

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.0
Fixed
5.15.63
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.19.4