Bug 2086412 (CVE-2022-1943) - CVE-2022-1943 kernel: A slab-out-of-bounds Write bug when invoke udf_write_fi via ioctl
Summary: CVE-2022-1943 kernel: A slab-out-of-bounds Write bug when invoke udf_write_fi...
Status: NEW
Alias: CVE-2022-1943
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Nobody
QA Contact:
Depends On: 2091395 2091396
Blocks: 2086413
TreeView+ depends on / blocked
Reported: 2022-05-16 05:51 UTC by Sandipan Roy
Modified: 2023-09-19 14:13 UTC (History)
45 users (show)

Fixed In Version: Linux kernel 5.18-rc7
Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds memory write flaw was found in the Linux kernel’s UDF file system functionality in the way a user triggers some file operations, which triggers udf_write_fi(). This flaw allows a local user to crash or potentially escalate their privileges on the system.
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description Sandipan Roy 2022-05-16 05:51:35 UTC
udf_write_fi() uses lengthOfImpUse of the entry it is writing to.
However this field has not yet been initialized so it either contains
completely bogus value or value from last directory entry at that place.
In either case this is wrong and can lead to filesystem corruption or
kernel crashes.

Note You need to log in before you can comment on or make changes to this bug.