PT-2025-18563 · Linux+6 · Linux Kernel+6

Published 2022-11-09 · Updated 2025-07-15 · CVE-2022-49846

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.1.0-rc2

Description

A slab-out-of-bounds write bug was found in the udf_find_entry() function. The issue was reported by Syzbot, and the report is related to a capacity change from 0 to 2048. The bug is a write of size 105 at an address located 150 bytes inside a 256-byte region, and the issue is related to the kmalloc-256 cache.

Recommendations

To resolve this issue, update the Linux kernel to a version that includes the fix for this bug. As a temporary workaround, consider restricting access to the udf_find_entry() function until a patch is available.

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2025:10379
ALSA-2025:10669
ALSA-2025:10670
BDU:2025-10254
CESA-2025_10669
CESA-2025_10670
CESA-2025_10977
CVE-2022-49846
INFSA-2025_10379
INFSA-2025_10669
INFSA-2025_10670
OESA-2025-1541
RHSA-2025:10379
RHSA-2025:10669
RHSA-2025:10670
RHSA-2025:10671
RHSA-2025:10673
RHSA-2025:10675
RHSA-2025:10701
RHSA-2025:10761
RHSA-2025:10828
RHSA-2025:10829
RHSA-2025:10830
RHSA-2025:10834
RHSA-2025:10974
RHSA-2025:10976
RHSA-2025:10977
RHSA-2025:10978
RHSA-2025:10979
RHSA-2025:10980
RHSA-2025:10981
RHSA-2025_10379
RHSA-2025_10669
RHSA-2025_10670
SUSE-SU-2025:01918-1
SUSE-SU-2025:01966-1
SUSE-SU-2025:01982-1
SUSE-SU-2025:01983-1
SUSE-SU-2025:01995-1
SUSE-SU-2025:02173-1
SUSE-SU-2025:02262-1
SUSE-SU-2025:2173-1
SUSE-SU-2025_01982-1
SUSE-SU-2025_01983-1
SUSE-SU-2025_02173-1
SUSE-SU-2025_02262-1

Affected Products

AlmaLinux
Astra Linux
CentOS
Linux Kernel
Red Hat
Rocky Linux
SUSE