CVE-2022-50083

medium

Description

In the Linux kernel, the following vulnerability has been resolved: ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h When adding an xattr to an inode, we must ensure that the inode_size is not less than EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad. Otherwise, the end position may be greater than the start position, resulting in UAF.

References

https://git.kernel.org/stable/c/f217b1ccb178475192e6a516fab7230f51ddae94

https://git.kernel.org/stable/c/e6321fda51e5b4dd7ec295afb84cbf63c2634c7b

https://git.kernel.org/stable/c/748d17d47687e178f8e38938447fa4636c071c41

https://git.kernel.org/stable/c/4cdc284ffadd6a989f24107ee7f09be43b748fbb

https://git.kernel.org/stable/c/37d82aa78346866552d573e8badc0aa8db8f1eea

https://git.kernel.org/stable/c/2da44a2927a71bff2bc66cefa8cfbd2ace702536

https://git.kernel.org/stable/c/214c68423fd632646c68f3ec8b3c2602cf8273f3

https://git.kernel.org/stable/c/179b14152dcb6a24c3415200603aebca70ff13af

https://git.kernel.org/stable/c/0e69cf833161b29b2e25dcbf2f2b4e70d75b15cf

Details

Source: Mitre, NVD

Published: 2025-06-18

Updated: 2025-06-18

Risk Information

CVSS v2

Base Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00033