Use-after-free in Linux kernel ntfs



Updated: 2025-05-10
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2022-49763
CWE-ID: CWE-416
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Use-after-free

EUVDB-ID: #VU108232

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49763

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ntfs_read_inode_mount() function in fs/ntfs/inode.c. A local user can exploit it to escalate privileges on the system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: 4.14 - 4.14.299

External links

https://git.kernel.org/stable/c/266bd5306286316758e6246ea0345133427b0f62
https://git.kernel.org/stable/c/4863f815463034f588a035cfd99cdca97a4f1069
https://git.kernel.org/stable/c/5330c423b86263ac7883fef0260b9e2229cb531e
https://git.kernel.org/stable/c/79f3ac7dcd12c05b7539239a4c6fa229a50d786c
https://git.kernel.org/stable/c/b825bfbbaafbe8da2037e3a778ad660c59f9e054
https://git.kernel.org/stable/c/d0006d739738a658a9c29b438444259d9f71dfa0
https://git.kernel.org/stable/c/d85a1bec8e8d552ab13163ca1874dcd82f3d1550
https://git.kernel.org/stable/c/fb2004bafd1932e08d21ca604ee5844f2b7f212d
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.300


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


