VYPR
Unrated severity · NVD Advisory · Published Dec 30, 2025 · Updated Apr 15, 2026

CVE-2022-50864

Description

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix shift-out-of-bounds due to too large exponent of block size

If field s_log_block_size of superblock data is corrupted and too large, init_nilfs() and load_nilfs() still can trigger a shift-out-of-bounds warning followed by a kernel panic (if panic_on_warn is set):

  shift exponent 38973 is too large for 32-bit type 'int'
  Call Trace:
   dump_stack_lvl+0xcd/0x134
   ubsan_epilogue+0xb/0x50
   __ubsan_handle_shift_out_of_bounds.cold.12+0x17b/0x1f5
   init_nilfs.cold.11+0x18/0x1d [nilfs2]
   nilfs_mount+0x9b5/0x12b0 [nilfs2]
   ...

This fixes the issue by adding and using a new helper function for getting block size with sanity check.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A shift-out-of-bounds in nilfs2 due to a corrupted superblock's s_log_block_size can cause a kernel panic; fixed by adding a sanity check.

Vulnerability

In the Linux kernel's nilfs2 filesystem, the superblock field s_log_block_size is used as the exponent of a left-shift that computes the block size. If this field is corrupted to an excessively large value, the shift exponent exceeds the width of the 32-bit int type, which is undefined behavior and is reported as a shift-out-of-bounds warning. The warning is followed by a kernel panic if panic_on_warn is set [1][2].

Exploitation

An attacker with the ability to mount a maliciously crafted nilfs2 filesystem—for example, via a USB drive or a network filesystem—can exploit this by providing a superblock with an abnormally large s_log_block_size. No authentication beyond mount privileges is required; the attack surface is local or physical access to mount a filesystem.

Impact

The kernel panics, resulting in a denial of service. The description does not indicate any code execution or data corruption beyond the panic.

Mitigation

The fix introduces a helper function that validates the block size exponent before performing the shift, preventing the out-of-bounds condition. Patches are available in the stable kernel trees [1][2]. Users should apply the latest kernel updates to mitigate this vulnerability.
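
The check-before-shift pattern described above, as an added userspace example (not the kernel's nilfs2 code and not taken from the patch). The function names, the 1024-byte base block size and the 65536-byte upper bound are assumptions of this model; the exponent 38973 is the one reported in the warning.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed limits for this model; they are not stated in the advisory. */
#define BASE_BLOCK_SIZE 1024u   /* block size when the exponent is 0 */
#define MAX_BLOCK_SIZE  65536u  /* largest block size the model accepts */

/* Constructed on-disk samples of the little-endian s_log_block_size field. */
static const uint8_t SAMPLE_OK[4]   = { 0x02, 0x00, 0x00, 0x00 }; /* 2 */
static const uint8_t SAMPLE_MAX[4]  = { 0x06, 0x00, 0x00, 0x00 }; /* 6 */
static const uint8_t SAMPLE_OVER[4] = { 0x07, 0x00, 0x00, 0x00 }; /* 7 */
static const uint8_t SAMPLE_BAD[4]  = { 0x3D, 0x98, 0x00, 0x00 }; /* 38973 */

/* floor(log2(v)) for v >= 1 */
static unsigned int ilog2_u32(uint32_t v)
{
    unsigned int n = 0;
    while ((v >>= 1) != 0)
        n++;
    return n;
}

/* Decode a little-endian 32-bit field byte by byte (no alignment or
 * host-endianness assumptions about the untrusted buffer). */
static uint32_t le32_decode(const uint8_t b[4])
{
    return (uint32_t)b[0] | ((uint32_t)b[1] << 8) |
           ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
}

/* Returns the block size, or -EINVAL if the exponent is out of range.
 * The bound is checked BEFORE the shift, so the shift is always defined. */
static long blocksize_from_disk(const uint8_t field[4])
{
    uint32_t shift_bits = le32_decode(field);
    unsigned int max_shift = ilog2_u32(MAX_BLOCK_SIZE) - ilog2_u32(BASE_BLOCK_SIZE);
    if (shift_bits > max_shift)
        return -EINVAL;   /* corrupted superblock: refuse instead of shifting */
    return (long)(BASE_BLOCK_SIZE << shift_bits);
}

int main(void)
{
    printf("exp 2     -> %ld\n", blocksize_from_disk(SAMPLE_OK));
    printf("exp 6     -> %ld\n", blocksize_from_disk(SAMPLE_MAX));
    printf("exp 7     -> %ld\n", blocksize_from_disk(SAMPLE_OVER));
    printf("exp 38973 -> %ld\n", blocksize_from_disk(SAMPLE_BAD));
}
```

Rejecting the value at parse time turns a corrupted image into a failed mount with an error code rather than a sanitizer warning on the mount path.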

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
