Undefined Behavior in Linux Kernel's ext4 Filesystem
CVE-2022-50403
Currently unrated
What is CVE-2022-50403?
This vulnerability in the Linux kernel's ext4 filesystem is undefined behavior caused by shifting a signed 32-bit integer by 31 bits, which can trigger a UBSAN shift-out-of-bounds warning. The fix changes the shifted value to unsigned, so that the shift into the most significant bit is handled properly, preventing potential misuse of this vulnerability in data manipulation or resource allocation.
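The signed-versus-unsigned distinction described above, as an added example that is not the kernel's code or the patch itself. The macro and function names are hypothetical, and the example assumes a 32-bit int and a left shift of the form 1 << 31.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical flag macros (not the kernel's): the signed form is the
 * pattern the description warns about, the unsigned form the fixed one. */
#define FLAG_SIGNED(bit)   (1 << (bit))   /* undefined at bit 31, 32-bit int */
#define FLAG_UNSIGNED(bit) (1U << (bit))  /* defined for bits 0..31 */

/* The C rule behind UBSAN's shift-out-of-bounds report: a signed left shift
 * is defined only if the count is below the type width, the value is
 * non-negative, and the result still fits in int. */
bool signed_shl_is_defined(int value, unsigned shift)
{
    if (shift >= sizeof(int) * CHAR_BIT || value < 0)
        return false;
    return value <= (INT_MAX >> shift);
}

/* Build a 32-bit mask from bit numbers using unsigned shifts only. */
uint32_t mask_from_bits(const unsigned *bits, size_t n)
{
    uint32_t mask = 0;
    for (size_t i = 0; i < n; i++)
        if (bits[i] < 32)
            mask |= FLAG_UNSIGNED(bits[i]);
    return mask;
}

/* INT_MIN has only the top bit set, which is what a signed 1 << 31 typically
 * yields in practice (nothing guarantees it). Widened to 64 bits it
 * sign-extends; the unsigned flag does not. Assumes a 32-bit int. */
uint64_t widen_signed_top_bit(void)   { return (uint64_t)INT_MIN; }
uint64_t widen_unsigned_top_bit(void) { return (uint64_t)FLAG_UNSIGNED(31); }

int main(void)
{
    unsigned bits[] = { 0, 31 };   /* constructed sample input */
    printf("1 << 30 defined: %d\n", signed_shl_is_defined(1, 30));
    printf("1 << 31 defined: %d\n", signed_shl_is_defined(1, 31));
    printf("FLAG_SIGNED(30) = 0x%x\n", (unsigned)FLAG_SIGNED(30));
    printf("mask            = 0x%08x\n", (unsigned)mask_from_bits(bits, 2));
    printf("signed widened  = 0x%016llx\n", (unsigned long long)widen_signed_top_bit());
    printf("unsigned widened= 0x%016llx\n", (unsigned long long)widen_unsigned_top_bit());
    return 0;
}
```

Building code that uses the signed form with -fsanitize=shift (GCC or Clang) makes the compiler's UBSAN runtime report the same class of error when bit 31 is reached.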
Affected Version(s)
Linux 9a4c8019471386c6fb039ae9e30f5216b6b55a9e
Linux 9a4c8019471386c6fb039ae9e30f5216b6b55a9e < 743e9d708743d98464ccbd56e820d87dc6d1d629