Null Pointer Dereference in Linux Kernel's NTFS Handling
CVE-2022-50336

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
15 September 2025

What is CVE-2022-50336?

A vulnerability exists in the Linux kernel's handling of NTFS metadata files, where a null pointer check was required for certain edge cases. This flaw can lead to a null pointer dereference (NPD) when reading metadata from malformed NTFS images. The addition of a null pointer check for the attr_load_runs_vcn function enhances the kernel's robustness against potential exploitation, mitigating risk associated with the improper handling of these file system structures.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 26425414bfe5d302413b956ab2469176d4ff53aa

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1621734cd3047f7979da1d7d5c5444d583d8b0ed

References

https://git.kernel.org/stable/c/ea6b3598406c58c5d09b6f432...
https://git.kernel.org/stable/c/26425414bfe5d302413b956ab...
https://git.kernel.org/stable/c/1621734cd3047f7979da1d7d5...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2022-50336 : Null Pointer Dereference in Linux Kernel's NTFS Handling