
Cloud Vulnerability DB
A community-led vulnerabilities database
A use-after-free vulnerability was discovered in the Linux kernel's NTFS filesystem implementation, specifically in the ntfs_attr_find() function. The vulnerability (CVE-2022-49763) arises when loading the first MFT record: the attrs_offset field is not properly validated against bounds, potentially leading to out-of-bounds memory access (NVD, Wiz).
The vulnerability occurs in the ntfs_attr_find() function within fs/ntfs/attrib.c. When loading $MFT/$DATA's first MFT record in ntfs_read_inode_mount(), the kernel fails to verify that the attrs_offset field is valid. If the attrs_offset field is larger than the bytes_allocated field, it can trigger an out-of-bounds read when the corresponding MFT record's attribute is accessed. The issue was initially reported by the Syzkaller tool as a use-after-free issue (NVD, Red Hat).
The vulnerability could lead to out-of-bounds memory access and potential kernel memory corruption. When exploited, it could cause system crashes or potentially allow unauthorized access to kernel memory (Wiz).
The issue has been patched by adding a sanity check between the attrs_offset field and bytes_allocated field after loading the first MFT record. The fix ensures proper validation of the attrs_offset value before accessing the corresponding MFT record's attribute (Wiz).
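The check described above, modelled in user space as an added example (not the kernel's code or the upstream patch). The function names are hypothetical, the header offsets are assumed from the NTFS on-disk MFT record layout, and the comparison against the buffer length is an extra check in this model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed on-disk offsets of the MFT record header fields (little-endian). */
#define MFT_OFF_ATTRS_OFFSET    0x14  /* u16: offset of the first attribute */
#define MFT_OFF_BYTES_ALLOCATED 0x1c  /* u32: allocated size of this record */
#define MFT_HEADER_MIN          0x20  /* bytes needed to read both fields   */

static uint16_t rd_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hypothetical helper: 0 if the first attribute may be read, -1 to reject. */
int mft_first_attr_ok(const uint8_t *rec, size_t buf_len)
{
    if (buf_len < MFT_HEADER_MIN)
        return -1;
    uint16_t attrs_offset = rd_le16(rec + MFT_OFF_ATTRS_OFFSET);
    uint32_t bytes_allocated = rd_le32(rec + MFT_OFF_BYTES_ALLOCATED);
    if (bytes_allocated > buf_len)       /* model-only: record claims more than we hold */
        return -1;
    if (attrs_offset >= bytes_allocated) /* the sanity check the advisory describes;
                                            equality is rejected too, since no attribute fits */
        return -1;
    return 0;
}

/* Builds a constructed record header (sample data, not from a real volume)
 * in a 1024-byte buffer and runs the check on it. */
int check_sample(uint16_t attrs_offset, uint32_t bytes_allocated)
{
    uint8_t buf[1024] = {0};
    buf[MFT_OFF_ATTRS_OFFSET] = (uint8_t)(attrs_offset & 0xff);
    buf[MFT_OFF_ATTRS_OFFSET + 1] = (uint8_t)(attrs_offset >> 8);
    for (int i = 0; i < 4; i++)
        buf[MFT_OFF_BYTES_ALLOCATED + i] = (uint8_t)((bytes_allocated >> (8 * i)) & 0xff);
    return mft_first_attr_ok(buf, sizeof buf);
}

int main(void)
{
    printf("well-formed record:       %d\n", check_sample(0x38, 1024));
    printf("attrs_offset past record: %d\n", check_sample(0x500, 1024));
    return 0;
}
```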
Source: This report was generated using AI