VDB

CVE-2022-50313

CVE-2022-50313 PUBLISHED

Reported by Linux · Published September 15, 2025

In the Linux kernel, the following vulnerability has been resolved: erofs: fix order >= MAX_ORDER warning due to crafted negative i_size As syzbot reported [1], the root cause is that i_size field is a signed type, and negative i_size is also less than EROFS_BLKSIZ. As a consequence, it's handled as fast symlink unexpectedly. Let's fall back to the generic path to deal with such unusual i_size. [1] https://lore.kernel.org/r/000000000000ac8efa05e7feaa1f@google.com

EPSS 0.02% · 6.2th percentile

Risk Scores

EPSS Score
0.02%
6.2th percentile

Affected Products

VendorProductVersions
LinuxLinux431339ba90423a038914c6032bfd71f0ba7ef2f2, 431339ba90423a038914c6032bfd71f0ba7ef2f2, 431339ba90423a038914c6032bfd71f0ba7ef2f2
LinuxLinux4.19, 0, 5.4.289
LinuxLinux*, 431339ba90423a038914c6032bfd71f0ba7ef2f2, 431339ba90423a038914c6032bfd71f0ba7ef2f2
linuxlinux_kernel4.19, 4.19, 4.19

Timeline

  • Sep 15, 2025 CVE Published
  • Sep 16, 2025 EPSS Score
  • Sep 23, 2025 EPSS Score
  • Sep 30, 2025 EPSS Score
  • Oct 7, 2025 EPSS Score
  • Oct 15, 2025 EPSS Score
  • Oct 22, 2025 EPSS Score
  • Oct 29, 2025 EPSS Score
  • Nov 5, 2025 EPSS Score
  • Nov 12, 2025 EPSS Score
  • Nov 19, 2025 EPSS Score
  • Nov 26, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›