CVE-2022-50313 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-50313 PUBLISHED

Reported by Linux · Published September 15, 2025

In the Linux kernel, the following vulnerability has been resolved: erofs: fix order >= MAX_ORDER warning due to crafted negative i_size As syzbot reported [1], the root cause is that i_size field is a signed type, and negative i_size is also less than EROFS_BLKSIZ. As a consequence, it's handled as fast symlink unexpectedly. Let's fall back to the generic path to deal with such unusual i_size. [1] https://lore.kernel.org/r/000000000000ac8efa05e7feaa1f@google.com

EPSS 0.02% · 2.9th percentile

Risk Scores

EPSS Score

0.02%

2.9th percentile

Affected Products

Vendor	Product	Versions
Linux	Linux	431339ba90423a038914c6032bfd71f0ba7ef2f2, 431339ba90423a038914c6032bfd71f0ba7ef2f2, 431339ba90423a038914c6032bfd71f0ba7ef2f2
Linux	Linux	4.19, 0, 5.4.289
Linux	Linux	431339ba90423a038914c6032bfd71f0ba7ef2f2, 431339ba90423a038914c6032bfd71f0ba7ef2f2, 431339ba90423a038914c6032bfd71f0ba7ef2f2
linux	linux_kernel	4.19, 4.19, 4.19

Timeline

Sep 15, 2025 CVE Published
Sep 16, 2025 EPSS Score
Sep 23, 2025 EPSS Score
Sep 29, 2025 EPSS Score
Oct 6, 2025 EPSS Score
Oct 12, 2025 EPSS Score
Oct 19, 2025 EPSS Score
Oct 25, 2025 EPSS Score
Nov 1, 2025 EPSS Score
Nov 7, 2025 EPSS Score
Nov 14, 2025 EPSS Score
Nov 21, 2025 EPSS Score

References

Open in Interactive Console →