Home

Description

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix shift-out-of-bounds due to too large exponent of block size If field s_log_block_size of superblock data is corrupted and too large, init_nilfs() and load_nilfs() still can trigger a shift-out-of-bounds warning followed by a kernel panic (if panic_on_warn is set): shift exponent 38973 is too large for 32-bit type 'int' Call Trace: <TASK> dump_stack_lvl+0xcd/0x134 ubsan_epilogue+0xb/0x50 __ubsan_handle_shift_out_of_bounds.cold.12+0x17b/0x1f5 init_nilfs.cold.11+0x18/0x1d [nilfs2] nilfs_mount+0x9b5/0x12b0 [nilfs2] ... This fixes the issue by adding and using a new helper function for getting block size with sanity check.

PUBLISHED Reserved 2025-12-30 | Published 2025-12-30 | Updated 2025-12-30 | Assigner Linux

Product status

Default status
unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before ec93b5430ec0f60877a5388bb023d60624f9ab9f
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 8b6ef451b5701b37d9a5905534595776a662edfc
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before ddb6615a168f97b91175e00eda4c644741cf531c
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before a16731fa1b96226c75bbf18e73513b14fc318360
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before ebeccaaef67a4895d2496ab8d9c2fb8d89201211
affected

Default status
affected

5.10.163 (semver)
unaffected

5.15.86 (semver)
unaffected

6.0.16 (semver)
unaffected

6.1.2 (semver)
unaffected

6.2 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/ec93b5430ec0f60877a5388bb023d60624f9ab9f

git.kernel.org/...c/8b6ef451b5701b37d9a5905534595776a662edfc

git.kernel.org/...c/ddb6615a168f97b91175e00eda4c644741cf531c

git.kernel.org/...c/a16731fa1b96226c75bbf18e73513b14fc318360

git.kernel.org/...c/ebeccaaef67a4895d2496ab8d9c2fb8d89201211

cve.org (CVE-2022-50864)

nvd.nist.gov (CVE-2022-50864)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.