PT-2022-6494 · Linux+5 · Linux Kernel+5

Published

2022-09-30

Updated

2025-03-03

CVE-2022-48423

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.3

Description The issue is related to the lack of validation of resident attribute names in the fs/ntfs3/record.c module of the Linux kernel. This can lead to an out-of-bounds write. The vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For Linux kernel versions prior to 6.1.3, update to version 6.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the fs/ntfs3/record.c module until a patch is available.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-590

Related Identifiers

ALT-PU-2023-1023

ALT-PU-2023-1064

ALT-PU-2023-1684

ALT-PU-2023-1741

ALT-PU-2023-1814

ALT-PU-2023-4894

ALT-PU-2024-4263

ALT-PU-2024-4843

AZL-25694

BDU:2023-01745

CVE-2022-48423

OESA-2023-1188

OESA-2023-1209

USN-5982-1

USN-5987-1

USN-6004-1

USN-6079-1

USN-6091-1

USN-6096-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Linux Kernel

Red Os

Ubuntu

PT-2022-6494 · Linux+5 · Linux Kernel+5

CVE-2022-48423

Weakness Enumeration

Related Identifiers

Affected Products

References · 90