CVE-2022-50762

Vulnerability

In the Linux kernel's ntfs3 filesystem driver, the function true_sectors_per_clst() in fs/ntfs3/super.c performs a shift operation that can result in a negative shift exponent. This triggers an Undefined Behavior Sanitizer (UBSAN) shift-out-of-bounds error, as reported by syzbot [1]. The root cause is a missing or insufficient validation of the sectors-per-cluster value, leading to a shift exponent of -247.

Exploitation

An attacker with the ability to mount a specially crafted NTFS filesystem image can trigger this bug. The vulnerability exists in the kernel's handling of NTFS metadata, so local access is required to mount the malicious image. No additional privileges are needed beyond the ability to mount filesystems.

Impact

When triggered, the UBSAN error causes a kernel log message and potential undefined behavior. While UBSAN does not crash the kernel by default, it indicates a serious bug that could lead to memory corruption or system instability in certain configurations.

Mitigation

The fix is included in Linux kernel stable updates [1][2]. Users should apply the latest kernel patches from their distribution or update to a kernel version that contains the commit.