CVE-2022-49464

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://git.kernel.org/stable/c/4d53a625f29074e7b8236c2c0e0922edb7608df9", "name": "https://git.kernel.org/stable/c/4d53a625f29074e7b8236c2c0e0922edb7608df9", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/6b59e1907f58cf877c563dcf013159eb9f994b64", "name": "https://git.kernel.org/stable/c/6b59e1907f58cf877c563dcf013159eb9f994b64", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/dcbe6803fffd387f72b48c2373b5f5ed12a5804b", "name": "https://git.kernel.org/stable/c/dcbe6803fffd387f72b48c2373b5f5ed12a5804b", "tags": ["Patch"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix buffer copy overflow of ztailpacking feature\n\nI got some KASAN report as below:\n\n[ 46.959738] ==================================================================\n[ 46.960430] BUG: KASAN: use-after-free in z_erofs_shifted_transform+0x2bd/0x370\n[ 46.960430] Read of size 4074 at addr ffff8880300c2f8e by task fssum/188\n...\n[ 46.960430] Call Trace:\n[ 46.960430] <TASK>\n[ 46.960430] dump_stack_lvl+0x41/0x5e\n[ 46.960430] print_report.cold+0xb2/0x6b7\n[ 46.960430] ? z_erofs_shifted_transform+0x2bd/0x370\n[ 46.960430] kasan_report+0x8a/0x140\n[ 46.960430] ? z_erofs_shifted_transform+0x2bd/0x370\n[ 46.960430] kasan_check_range+0x14d/0x1d0\n[ 46.960430] memcpy+0x20/0x60\n[ 46.960430] z_erofs_shifted_transform+0x2bd/0x370\n[ 46.960430] z_erofs_decompress_pcluster+0xaae/0x1080\n\nThe root cause is that the tail pcluster won't be a complete filesystem\nblock anymore. So if ztailpacking is used, the second part of an\nuncompressed tail pcluster may not be ``rq->pageofs_out``."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-49464", "ASSIGNER": "cve@kernel.org"}}, "impact": {}, "publishedDate": "2025-02-26T07:01Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.18.3", "versionStartIncluding": "5.18"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.17.14", "versionStartIncluding": "5.17"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-03-24T19:58Z"}