
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-49166 affects the Linux kernel's NTFS filesystem implementation. The vulnerability occurs in the ntfs_read_inode_mount function where ntfs_malloc_nofs is invoked with zero allocation size, triggering a BUG in the __ntfs_malloc function (Kernel Git). This issue was discovered and reported by the syzkaller project (NVD).
The vulnerability exists in the fs/ntfs/inode.c file where the ntfs_read_inode_mount function fails to validate the allocation size before calling ntfs_malloc_nofs. When ni->attr_list_size is zero, the function attempts to allocate memory with a zero size, which triggers a BUG condition in the __ntfs_malloc function (Kernel Git).
When exploited, this vulnerability can trigger a kernel BUG condition, potentially leading to a denial of service on affected systems (NVD).
The issue has been fixed by adding a sanity check on ni->attr_list_size before memory allocation. The fix includes adding an error check and appropriate error handling when the allocation size is zero (Kernel Git).
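The missing check and the fix described above, shown as a user-space model. This is an added example, not the kernel's code: attr_list_size and attr_list are the field names from the text, while model_inode, model_malloc_nofs, the load_* functions, reaches_bug and the -EIO return value are hypothetical, and the BUG is counted instead of halting the process.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Fields named on the page; everything else is a constructed model. */
struct model_inode { uint32_t attr_list_size; unsigned char *attr_list; };
static int bug_hits; /* times the modelled BUG condition was reached */

/* Stand-in for ntfs_malloc_nofs: zero size is the BUG case, counted here
 * instead of halting so both paths can be compared in one run. */
static void *model_malloc_nofs(size_t size)
{
    if (size == 0) { bug_hits++; return NULL; }
    return malloc(size);
}

/* Before: the on-disk size goes to the allocator unvalidated. */
int load_attr_list_unchecked(struct model_inode *ni, uint32_t size_from_disk)
{
    ni->attr_list_size = size_from_disk;
    ni->attr_list = model_malloc_nofs(ni->attr_list_size);
    return ni->attr_list ? 0 : -ENOMEM;
}

/* After: zero size is rejected before allocating (-EIO is an assumption). */
int load_attr_list_checked(struct model_inode *ni, uint32_t size_from_disk)
{
    ni->attr_list_size = size_from_disk;
    ni->attr_list = NULL;
    if (ni->attr_list_size == 0)
        return -EIO;
    ni->attr_list = model_malloc_nofs(ni->attr_list_size);
    return ni->attr_list ? 0 : -ENOMEM;
}

/* Returns 1 if the modelled BUG was reached for this size, else 0. */
int reaches_bug(int use_check, uint32_t size_from_disk)
{
    struct model_inode ni = {0, NULL};
    int before = bug_hits;
    (use_check ? load_attr_list_checked : load_attr_list_unchecked)(&ni, size_from_disk);
    free(ni.attr_list);
    return bug_hits != before;
}

int main(void)
{
    printf("size 0: unchecked BUG=%d, checked BUG=%d\n", reaches_bug(0, 0), reaches_bug(1, 0));
    return 0;
}
```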
Source: This report was generated using AI