Slab Out-Of-Bounds Write Vulnerability in Linux Kernel UDF Components
CVE-2022-49846

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 May 2025

Summary

A serious vulnerability has been identified in the UDF (Universal Disk Format) implementation within the Linux kernel, leading to a slab out-of-bounds write issue. This bug allows for potential data corruption or system instability, as reported by Syzbot. The flaw occurs during the udf_find_entry function, where improper management of buffer allocations can lead to unauthorized memory access, compromising system integrity and security. Timely updates and patches are essential to mitigate risks associated with this vulnerability.

Affected Version(s)

Linux 066b9cded00b8e3212df74a417bb074f3f3a1fe0 < 583fdd98d94acba1e7225e5cc29063aef0741030

Linux 066b9cded00b8e3212df74a417bb074f3f3a1fe0

Linux 066b9cded00b8e3212df74a417bb074f3f3a1fe0 < 7a6051d734f1ed0031e2216f9a538621235c11a4

References

https://git.kernel.org/stable/c/583fdd98d94acba1e7225e5cc...

https://git.kernel.org/stable/c/f1517721c408631f09d54c743...

https://git.kernel.org/stable/c/7a6051d734f1ed0031e2216f9...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 1, 2025
Vulnerability Reserved
May 1, 2025