CVE-2022-49464
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49464
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49464.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-49464
- Downstream
- Published
- 2025-02-26T02:13:10.321Z
- Modified
- 2025-11-28T19:13:29.049341Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- erofs: fix buffer copy overflow of ztailpacking feature
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
erofs: fix buffer copy overflow of ztailpacking feature
I got some KASAN report as below:
[ 46.959738] ================================================================== [ 46.960430] BUG: KASAN: use-after-free in zerofsshiftedtransform+0x2bd/0x370 [ 46.960430] Read of size 4074 at addr ffff8880300c2f8e by task fssum/188 ... [ 46.960430] Call Trace: [ 46.960430] <TASK> [ 46.960430] dumpstacklvl+0x41/0x5e [ 46.960430] printreport.cold+0xb2/0x6b7 [ 46.960430] ? zerofsshiftedtransform+0x2bd/0x370 [ 46.960430] kasanreport+0x8a/0x140 [ 46.960430] ? zerofsshiftedtransform+0x2bd/0x370 [ 46.960430] kasancheckrange+0x14d/0x1d0 [ 46.960430] memcpy+0x20/0x60 [ 46.960430] zerofsshiftedtransform+0x2bd/0x370 [ 46.960430] zerofsdecompress_pcluster+0xaae/0x1080
The root cause is that the tail pcluster won't be a complete filesystem block anymore. So if ztailpacking is used, the second part of an uncompressed tail pcluster may not be
rq->pageofs_out. - Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49464.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/4d53a625f29074e7b8236c2c0e0922edb7608df9
- https://git.kernel.org/stable/c/6b59e1907f58cf877c563dcf013159eb9f994b64
- https://git.kernel.org/stable/c/dcbe6803fffd387f72b48c2373b5f5ed12a5804b
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49464.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-49464
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedab749badf9f41f32509cd103391b81ea7e684b76Fixed4d53a625f29074e7b8236c2c0e0922edb7608df9Fixed6b59e1907f58cf877c563dcf013159eb9f994b64Fixeddcbe6803fffd387f72b48c2373b5f5ed12a5804b