CVE-2022-30785: 
CBL Mariner vulnerability analysis and mitigation

CVE-2022-30785 is a security vulnerability discovered in NTFS-3G through version 2021.8.22. The vulnerability involves a file handle created in fuselibopendir, and later used in fuselibreaddir, which enables arbitrary memory read and write operations when using libfuse-lite (NVD, CVE). The vulnerability was disclosed in May 2022 and affects the NTFS-3G FUSE driver, which provides read-write NTFS filesystem support for various operating systems.

The vulnerability stems from improper handling of file handles between the fuselibopendir and fuselibreaddir functions when using libfuse-lite. This implementation flaw allows for arbitrary memory read and write operations, potentially leading to privilege escalation. The vulnerability has been assigned a CVSS v3 severity score of 6.7 (Medium) (Ubuntu).

The vulnerability enables arbitrary memory read and write operations, which could allow a local attacker to execute privileged code if they have local access and the ntfs-3g binary is setuid root. This could lead to local root privilege escalation on affected systems (GitHub Advisory).

The vulnerability has been fixed in NTFS-3G version 2022.5.17 and later releases. Users are advised to upgrade to the patched version. Multiple Linux distributions have released security updates to address this vulnerability, including Debian (version 1:2017.3.23AR.3-4+deb11u2), Fedora (version 2022.5.17-1), and Gentoo (version 2022.10.3) (Debian Security, Fedora Update, Gentoo Security).