CVE-2022-50746

Published: Dic 24, 2025 Last Modified: Dic 29, 2025
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

In the Linux kernel, the following vulnerability has been resolved:

erofs: validate the extent length for uncompressed pclusters

syzkaller reported a KASAN use-after-free:
https://syzkaller.appspot.com/bug?extid=2ae90e873e97f1faf6f2

The referenced fuzzed image actually has two issues:
- m_pa == 0 as a non-inlined pcluster;
- The logical length is longer than its physical length.

The first issue has already been addressed. This patch addresses
the second issue by checking the extent length validity.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0003
Percentile
0,1th
Updated

EPSS Score Trend (Last 82 Days)

https://git.kernel.org/stable/c/40c73b2ea9611b5388807be406f…
https://git.kernel.org/stable/c/40c73b2ea9611b5388807be406f30f5e4e1162da
https://git.kernel.org/stable/c/c505feba4c0d76084e56ec498ce…
https://git.kernel.org/stable/c/c505feba4c0d76084e56ec498ce819f02a7043ae
https://git.kernel.org/stable/c/dc8b6bd587b13b85aff6e9d36cd…
https://git.kernel.org/stable/c/dc8b6bd587b13b85aff6e9d36cdfcd3f955cac9e