CVE-2022-50864
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
30/12/2025
Last modified:
30/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
nilfs2: fix shift-out-of-bounds due to too large exponent of block size<br />
<br />
If field s_log_block_size of superblock data is corrupted and too large,<br />
init_nilfs() and load_nilfs() still can trigger a shift-out-of-bounds<br />
warning followed by a kernel panic (if panic_on_warn is set):<br />
<br />
shift exponent 38973 is too large for 32-bit type &#39;int&#39;<br />
Call Trace:<br />
<br />
dump_stack_lvl+0xcd/0x134<br />
ubsan_epilogue+0xb/0x50<br />
__ubsan_handle_shift_out_of_bounds.cold.12+0x17b/0x1f5<br />
init_nilfs.cold.11+0x18/0x1d [nilfs2]<br />
nilfs_mount+0x9b5/0x12b0 [nilfs2]<br />
...<br />
<br />
This fixes the issue by adding and using a new helper function for getting<br />
block size with sanity check.
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/8b6ef451b5701b37d9a5905534595776a662edfc
- https://git.kernel.org/stable/c/a16731fa1b96226c75bbf18e73513b14fc318360
- https://git.kernel.org/stable/c/ddb6615a168f97b91175e00eda4c644741cf531c
- https://git.kernel.org/stable/c/ebeccaaef67a4895d2496ab8d9c2fb8d89201211
- https://git.kernel.org/stable/c/ec93b5430ec0f60877a5388bb023d60624f9ab9f