Linux Kernel EROFS Vulnerability Affecting Signed i_size Field
CVE-2022-50313

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 15 September 2025

What is CVE-2022-50313?

A vulnerability has been identified in the Linux kernel's EROFS filesystem, arising from the i_size field being a signed type. Because the field is signed, a crafted negative i_size compares as less than the expected block size, so the inode is improperly treated as a fast symlink. This can lead to unexpected behavior and potential exploitation. The fix falls back to the generic handling path for such atypical i_size values, mitigating the risk associated with this flaw.
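The signedness problem described above, as an added example that is not kernel code and not code from this page: a simplified C model showing a size check with only an upper bound accepting a negative size, next to a check that sends negative sizes to the generic path. The names (MODEL_BLKSIZ, fast_symlink_weak, fast_symlink_hardened, size_from_disk), the 4096-byte block size and the unsigned 64-bit on-disk field are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_BLKSIZ 4096 /* assumed block size for this model */

/* Signed 64-bit size, modelling a signed i_size field (hypothetical type). */
typedef int64_t model_off_t;

/* Reinterpret an unsigned on-disk size as the signed in-memory type.
 * Values above INT64_MAX become negative on two's-complement targets. */
static model_off_t size_from_disk(uint64_t raw)
{
    return (model_off_t)raw;
}

/* Weak check: upper bound only, so any negative size looks "small enough"
 * and would be handled as a fast (inline) symlink. */
static bool fast_symlink_weak(model_off_t i_size)
{
    return i_size < MODEL_BLKSIZ;
}

/* Hardened check: negative sizes are rejected here, which leaves them to
 * the generic handling path instead of the fast-symlink path. */
static bool fast_symlink_hardened(model_off_t i_size)
{
    return i_size >= 0 && i_size < MODEL_BLKSIZ;
}

int main(void)
{
    /* Constructed sample values, not taken from any real image. */
    const uint64_t samples[] = {
        11, 4095, 4096, UINT64_MAX, 0x8000000000000000ULL
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        model_off_t sz = size_from_disk(samples[i]);
        printf("i_size=%lld weak=%d hardened=%d\n", (long long)sz,
               fast_symlink_weak(sz), fast_symlink_hardened(sz));
    }
    return 0;
}
```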

Affected Version(s)

Linux 431339ba90423a038914c6032bfd71f0ba7ef2f2 < 17a0cdbd7b0cf0fc0d7ca4187a67f8f1c18c291f

Linux 431339ba90423a038914c6032bfd71f0ba7ef2f2 < 0ab621fcdff1a58ff4de51a8590fa92a0ecd34be

Linux 431339ba90423a038914c6032bfd71f0ba7ef2f2
