PT-2023-2023 · Linux+5 · Linux Kernel+5

Publicado

2023-03-18

Atualizado

2025-05-16

CVE-2022-48425

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.2.8

Description The issue is related to the ntfs read mft() function in the fs/ntfs3/inode.c module of the Linux kernel, which lacks validation of attribute sizes. This can be exploited to impact the confidentiality, integrity, and availability of protected information. The problem is caused by an invalid kfree due to the lack of validation of MFT flags before replaying logs.

Recommendations For Linux kernel versions prior to 6.2.8, update to version 6.2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the ntfs read mft() function in the fs/ntfs3/inode.c module until a patch is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-590CWE-763

Identificadores relacionados

ALT-PU-2023-1495

ALT-PU-2023-1539

ALT-PU-2024-6818

BDU:2023-01734

CVE-2022-48425

MGASA-2023-0201

MGASA-2023-0202

OESA-2023-1188

OESA-2023-1209

USN-6339-1

USN-6339-2

USN-6339-3

USN-6339-4

USN-6350-1

USN-6351-1

USN-6412-1

USN-6466-1

Produtos afetados

Alt Linux

Astra Linux

Linuxmint

Linux Kernel

Red Os

Ubuntu

PT-2023-2023 · Linux+5 · Linux Kernel+5

CVE-2022-48425

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 120