Lucene search

GoogleOSV:CVE-2022-48423

HistoryMar 19, 2023 - 3:15 a.m.

CVE-2022-48423

2023-03-1903:15:11

Google

osv.dev

linux kernel

fs/ntfs3/record.c

resident attribute

validation

out-of-bounds write

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

Low

EPSS

Percentile

5.1%

JSON

In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur.

References

cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.3

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54e45702b648b7c0000e90b3e9b890e367e16ea8

security-tracker.debian.org/tracker/CVE-2022-48423

security.netapp.com/advisory/ntap-20230505-0003/

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for OSV:CVE-2022-48423