PT-2025-7990 · Linux+3 · Linux Kernel+3

Dave Wysochanski · Published 2022-04-05 · Updated 2025-05-22 · CVE-2022-49062

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.18.0-rc1-nfs-fscache-netfs+ #13

Description

A slab-out-of-bounds issue has been identified in the cachefiles set volume xattr function of the Linux kernel. This issue occurs when the actual length of volume coherency data is not used when setting the xattr, resulting in a KASAN report. The bug is triggered by a write of size 4 at a specific address, causing the kernel to access memory outside the bounds of a slab allocation. The issue is related to the cachefiles module and the fscache workqueue.

Recommendations

For Linux kernel versions prior to 5.18.0-rc1-nfs-fscache-netfs+ #13, consider disabling the cachefiles set volume xattr function as a temporary workaround until a patch is available. Additionally, restricting access to the cachefiles module may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2025-06037
CVE-2022-49062
SUSE-SU-2025:1176-1
SUSE-SU-2025:1241-1
SUSE-SU-2025_1241-1

Affected Products

Astra Linux
Linux Kernel
Red Os
Suse