CVE-2022-50737

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.0.0-rc7

Description The Linux kernel contains a flaw in the NTFS3 file system implementation related to security initialization. Specifically, the sanity check for $SDH and $SII is insufficient, potentially leading to issues when initializing NTFS security. This can result in a use-after-free condition, as demonstrated by a KASAN report during testing. The issue occurs during the process of mounting an NTFS file system.

Recommendations Update to a version of the Linux kernel newer than 6.0.0-rc7.