CVE-2022-49560

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A slab-out-of-bounds read issue was discovered in the exfat clear bitmap function, triggered by calling truncate with a size of 0. This caused a read of size 8 at an invalid address, resulting in a BUG: KASAN: slab-out-of-bounds error. The issue was reported by Syzbot and is related to the exfat file system. The problem occurs when the cluster number is not validated, leading to an out-of-bounds access.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix, which involves moving the is valid cluster() helper to a common header and adding validation for the cluster number in the exfat clear bitmap() and exfat set bitmap() functions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.