{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-50747", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-24T13:02:21.544Z", "datePublished": "2025-12-24T13:05:43.347Z", "dateUpdated": "2025-12-24T13:05:43.347Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-24T13:05:43.347Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: Fix OOB Write in hfs_asc2mac\n\nSyzbot reported a OOB Write bug:\n\nloop0: detected capacity change from 0 to 64\n==================================================================\nBUG: KASAN: slab-out-of-bounds in hfs_asc2mac+0x467/0x9a0\nfs/hfs/trans.c:133\nWrite of size 1 at addr ffff88801848314e by task syz-executor391/3632\n\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n print_address_description+0x74/0x340 mm/kasan/report.c:284\n print_report+0x107/0x1f0 mm/kasan/report.c:395\n kasan_report+0xcd/0x100 mm/kasan/report.c:495\n hfs_asc2mac+0x467/0x9a0 fs/hfs/trans.c:133\n hfs_cat_build_key+0x92/0x170 fs/hfs/catalog.c:28\n hfs_lookup+0x1ab/0x2c0 fs/hfs/dir.c:31\n lookup_open fs/namei.c:3391 [inline]\n open_last_lookups fs/namei.c:3481 [inline]\n path_openat+0x10e6/0x2df0 fs/namei.c:3710\n do_filp_open+0x264/0x4f0 fs/namei.c:3740\n\nIf in->len is much larger than HFS_NAMELEN(31) which is the maximum\nlength of an HFS filename, a OOB write could occur in hfs_asc2mac(). In\nthat case, when the dst reaches the boundary, the srclen is still\ngreater than 0, which causes a OOB write.\nFix this by adding a check on dstlen in while() before writing to dst\naddress."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/hfs/trans.c"], "versions": [{"version": "328b9227865026268261a24a97a578907b280415", "lessThan": "8399318b13dc9e0569dee07ba2994098926d4fb2", "status": "affected", "versionType": "git"}, {"version": "328b9227865026268261a24a97a578907b280415", "lessThan": "95040de81c629cd8d3c6ab5b50a8bd5088068303", "status": "affected", "versionType": "git"}, {"version": "328b9227865026268261a24a97a578907b280415", "lessThan": "ba8f0ca386dd15acf5a93cbac932392c7818eab4", "status": "affected", "versionType": "git"}, {"version": "328b9227865026268261a24a97a578907b280415", "lessThan": "6a95b17e4d4cd2d8278559f930b447f8c9c8cff9", "status": "affected", "versionType": "git"}, {"version": "328b9227865026268261a24a97a578907b280415", "lessThan": "cff9fefdfbf5744afbb6d70bff2b49ec2065d23d", "status": "affected", "versionType": "git"}, {"version": "328b9227865026268261a24a97a578907b280415", "lessThan": "7af9cb8cbb81308ce4b06cc7164267faccbf75dd", "status": "affected", "versionType": "git"}, {"version": "328b9227865026268261a24a97a578907b280415", "lessThan": "ae21b03f904736eb2aa9bd119d2a14e741f1681f", "status": "affected", "versionType": "git"}, {"version": "328b9227865026268261a24a97a578907b280415", "lessThan": "88579c158e026860c61c4192531e8bc42f4bc642", "status": "affected", "versionType": "git"}, {"version": "328b9227865026268261a24a97a578907b280415", "lessThan": "c53ed55cb275344086e32a7080a6b19cb183650b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/hfs/trans.c"], "versions": [{"version": "2.6.14", "status": "affected"}, {"version": "0", "lessThan": "2.6.14", "status": "unaffected", "versionType": "semver"}, {"version": "4.9.337", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.303", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.270", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.229", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.163", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.86", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.16", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.2", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.14", "versionEndExcluding": "4.9.337"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.14", "versionEndExcluding": "4.14.303"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.14", "versionEndExcluding": "4.19.270"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.14", "versionEndExcluding": "5.4.229"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.14", "versionEndExcluding": "5.10.163"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.14", "versionEndExcluding": "5.15.86"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.14", "versionEndExcluding": "6.0.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.14", "versionEndExcluding": "6.1.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.14", "versionEndExcluding": "6.2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/8399318b13dc9e0569dee07ba2994098926d4fb2"}, {"url": "https://git.kernel.org/stable/c/95040de81c629cd8d3c6ab5b50a8bd5088068303"}, {"url": "https://git.kernel.org/stable/c/ba8f0ca386dd15acf5a93cbac932392c7818eab4"}, {"url": "https://git.kernel.org/stable/c/6a95b17e4d4cd2d8278559f930b447f8c9c8cff9"}, {"url": "https://git.kernel.org/stable/c/cff9fefdfbf5744afbb6d70bff2b49ec2065d23d"}, {"url": "https://git.kernel.org/stable/c/7af9cb8cbb81308ce4b06cc7164267faccbf75dd"}, {"url": "https://git.kernel.org/stable/c/ae21b03f904736eb2aa9bd119d2a14e741f1681f"}, {"url": "https://git.kernel.org/stable/c/88579c158e026860c61c4192531e8bc42f4bc642"}, {"url": "https://git.kernel.org/stable/c/c53ed55cb275344086e32a7080a6b19cb183650b"}], "title": "hfs: Fix OOB Write in hfs_asc2mac", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: Fix OOB Write in hfs_asc2mac\n\nSyzbot reported a OOB Write bug:\n\nloop0: detected capacity change from 0 to 64\n==================================================================\nBUG: KASAN: slab-out-of-bounds in hfs_asc2mac+0x467/0x9a0\nfs/hfs/trans.c:133\nWrite of size 1 at addr ffff88801848314e by task syz-executor391/3632\n\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n print_address_description+0x74/0x340 mm/kasan/report.c:284\n print_report+0x107/0x1f0 mm/kasan/report.c:395\n kasan_report+0xcd/0x100 mm/kasan/report.c:495\n hfs_asc2mac+0x467/0x9a0 fs/hfs/trans.c:133\n hfs_cat_build_key+0x92/0x170 fs/hfs/catalog.c:28\n hfs_lookup+0x1ab/0x2c0 fs/hfs/dir.c:31\n lookup_open fs/namei.c:3391 [inline]\n open_last_lookups fs/namei.c:3481 [inline]\n path_openat+0x10e6/0x2df0 fs/namei.c:3710\n do_filp_open+0x264/0x4f0 fs/namei.c:3740\n\nIf in->len is much larger than HFS_NAMELEN(31) which is the maximum\nlength of an HFS filename, a OOB write could occur in hfs_asc2mac(). In\nthat case, when the dst reaches the boundary, the srclen is still\ngreater than 0, which causes a OOB write.\nFix this by adding a check on dstlen in while() before writing to dst\naddress."}], "id": "CVE-2022-50747", "lastModified": "2025-12-24T13:16:01.410", "metrics": {}, "published": "2025-12-24T13:16:01.410", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6a95b17e4d4cd2d8278559f930b447f8c9c8cff9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7af9cb8cbb81308ce4b06cc7164267faccbf75dd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8399318b13dc9e0569dee07ba2994098926d4fb2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/88579c158e026860c61c4192531e8bc42f4bc642"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/95040de81c629cd8d3c6ab5b50a8bd5088068303"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ae21b03f904736eb2aa9bd119d2a14e741f1681f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ba8f0ca386dd15acf5a93cbac932392c7818eab4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c53ed55cb275344086e32a7080a6b19cb183650b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cff9fefdfbf5744afbb6d70bff2b49ec2065d23d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{}