VYPR
Unrated severity · NVD Advisory · Published Dec 24, 2025 · Updated Apr 15, 2026

CVE-2022-50746

Description

In the Linux kernel, the following vulnerability has been resolved:

erofs: validate the extent length for uncompressed pclusters

syzkaller reported a KASAN use-after-free: https://syzkaller.appspot.com/bug?extid=2ae90e873e97f1faf6f2

The referenced fuzzed image actually has two issues:
 - m_pa == 0 as a non-inlined pcluster;
 - The logical length is longer than its physical length.

The first issue has already been addressed. This patch addresses the second issue by checking the extent length validity.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A use-after-free vulnerability in the Linux kernel's EROFS filesystem, caused by missing validation of the extent length for uncompressed pclusters, allowing local privilege escalation.

Root Cause

The vulnerability resides in the Linux kernel's EROFS filesystem driver. When processing uncompressed pclusters, the driver failed to validate the extent length. A specially crafted filesystem image could provide a logical extent length that exceeds the physical length, leading to out-of-bounds memory access [1].
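The two consistency checks named in the description can be modelled in user space as below. This is an added example, not the kernel patch or code from this advisory; the struct, every field name other than m_pa, the error constant and both functions are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ERR_CORRUPT 117 /* constructed stand-in for "filesystem corrupted" */

/* Hypothetical model of one mapped extent; only m_pa is named on the page. */
struct extent {
    uint64_t m_pa;   /* physical address of the pcluster */
    uint64_t m_plen; /* physical (on-disk) length in bytes */
    uint64_t m_llen; /* logical length in bytes */
    int compressed;  /* 0 = uncompressed pcluster */
    int inlined;     /* 1 = data stored inline with the metadata */
};

/* Reject both defects of the fuzzed image before any data is touched. */
int validate_extent(const struct extent *e)
{
    if (!e->inlined && e->m_pa == 0)
        return -ERR_CORRUPT; /* issue 1: non-inlined pcluster at address 0 */
    /* Compressed data may expand, so only uncompressed extents are bounded. */
    if (!e->compressed && e->m_llen > e->m_plen)
        return -ERR_CORRUPT; /* issue 2: logical length exceeds physical */
    return 0;
}

/* Copy an uncompressed extent out of its buffer (src holds m_plen bytes). */
long read_plain(const struct extent *e, const uint8_t *src,
                uint8_t *dst, size_t dstlen)
{
    int err = validate_extent(e);
    if (err)
        return err;
    if (e->compressed || e->m_llen > dstlen)
        return -1; /* not handled by this model */
    memcpy(dst, src, (size_t)e->m_llen); /* safe: m_llen <= m_plen */
    return (long)e->m_llen;
}

int main(void)
{
    uint8_t src[8] = "ABCDEFG", dst[64];
    struct extent ok  = { 4096, 8, 8, 0, 0 };  /* constructed samples */
    struct extent bad = { 4096, 8, 64, 0, 0 }; /* llen > plen */
    printf("ok=%ld bad=%ld\n", read_plain(&ok, src, dst, sizeof dst),
           read_plain(&bad, src, dst, sizeof dst));
    return 0;
}
```

Without the second check, the copy for the `bad` extent would read 64 bytes from an 8-byte source buffer, which is the class of out-of-bounds access the paragraph above describes.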

Exploitation

An attacker with the ability to mount a malicious EROFS image (e.g., via a crafted filesystem or a malicious storage device) can trigger the bug. The bug is reachable through the erofs_read_metabuf path. No special privileges beyond the ability to mount an EROFS filesystem are required; the attack surface is local, requiring physical access or a compromised storage medium [1].

Impact

Successful exploitation results in a use-after-free condition, which can lead to memory corruption, system crash (denial of service), or potentially privilege escalation if the attacker can control the freed memory [1]. The KASAN report confirms the use-after-free nature of the bug.

Mitigation

The fix was committed to the Linux kernel stable tree in commit dc8b6bd587b13b85 [1]. Users should update to a kernel version containing this patch. No workaround is available; the only mitigation is to apply the kernel update.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
