{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48946", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-08-22T01:27:53.624Z", "datePublished": "2024-10-21T20:05:35.818Z", "dateUpdated": "2024-11-04T12:19:41.177Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:19:41.177Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix preallocation discarding at indirect extent boundary\n\nWhen preallocation extent is the first one in the extent block, the\ncode would corrupt extent tree header instead. Fix the problem and use\nudf_delete_aext() for deleting extent to avoid some code duplication."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/udf/truncate.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "c8b6fa4511a7", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "7665857f8855", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "72f651c96c8a", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "4d835efd561d", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "1a075f4a5494", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "63dbbd8f1499", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "ae56d9a01772", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "12a88f572d6d", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "cfe4c1b25dd6", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/udf/truncate.c"], "versions": [{"version": "4.9.337", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.303", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.270", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.229", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.161", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.85", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.15", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.1", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/c8b6fa4511a7900db9fb0353b630d4d2ed1ba99c"}, {"url": "https://git.kernel.org/stable/c/7665857f88557c372da35534165721156756f77f"}, {"url": "https://git.kernel.org/stable/c/72f651c96c8aadf087fd782d551bf7db648a8c2e"}, {"url": "https://git.kernel.org/stable/c/4d835efd561dfb9bf5409f11f4ecd428d5d29226"}, {"url": "https://git.kernel.org/stable/c/1a075f4a549481ce6e8518d8379f193ccec6b746"}, {"url": "https://git.kernel.org/stable/c/63dbbd8f1499b0a161e701a04aa50148d60bd1f7"}, {"url": "https://git.kernel.org/stable/c/ae56d9a017724f130cf1a263dd82a78d2a6e3852"}, {"url": "https://git.kernel.org/stable/c/12a88f572d6d94b5c0b72e2d1782cc2e96ac06cf"}, {"url": "https://git.kernel.org/stable/c/cfe4c1b25dd6d2f056afc00b7c98bcb3dd0b1fc3"}], "title": "udf: Fix preallocation discarding at indirect extent boundary", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48946", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:22:15.056500Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T13:28:41.431Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48946", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:22:15.056500Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T13:22:18.208Z"}}], "cna": {"title": "udf: Fix preallocation discarding at indirect extent boundary", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "c8b6fa4511a7", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "7665857f8855", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "72f651c96c8a", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "4d835efd561d", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "1a075f4a5494", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "63dbbd8f1499", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "ae56d9a01772", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "12a88f572d6d", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "cfe4c1b25dd6", "versionType": "git"}], "programFiles": ["fs/udf/truncate.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "4.9.337", "versionType": "semver", "lessThanOrEqual": "4.9.*"}, {"status": "unaffected", "version": "4.14.303", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.270", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.229", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.161", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.85", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.0.15", "versionType": "semver", "lessThanOrEqual": "6.0.*"}, {"status": "unaffected", "version": "6.1.1", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.2", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/udf/truncate.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/c8b6fa4511a7900db9fb0353b630d4d2ed1ba99c"}, {"url": "https://git.kernel.org/stable/c/7665857f88557c372da35534165721156756f77f"}, {"url": "https://git.kernel.org/stable/c/72f651c96c8aadf087fd782d551bf7db648a8c2e"}, {"url": "https://git.kernel.org/stable/c/4d835efd561dfb9bf5409f11f4ecd428d5d29226"}, {"url": "https://git.kernel.org/stable/c/1a075f4a549481ce6e8518d8379f193ccec6b746"}, {"url": "https://git.kernel.org/stable/c/63dbbd8f1499b0a161e701a04aa50148d60bd1f7"}, {"url": "https://git.kernel.org/stable/c/ae56d9a017724f130cf1a263dd82a78d2a6e3852"}, {"url": "https://git.kernel.org/stable/c/12a88f572d6d94b5c0b72e2d1782cc2e96ac06cf"}, {"url": "https://git.kernel.org/stable/c/cfe4c1b25dd6d2f056afc00b7c98bcb3dd0b1fc3"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix preallocation discarding at indirect extent boundary\n\nWhen preallocation extent is the first one in the extent block, the\ncode would corrupt extent tree header instead. Fix the problem and use\nudf_delete_aext() for deleting extent to avoid some code duplication."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:19:41.177Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48946", "state": "PUBLISHED", "dateUpdated": "2024-11-04T12:19:41.177Z", "dateReserved": "2024-08-22T01:27:53.624Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-10-21T20:05:35.818Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FFBA9B5-26DC-4802-9A86-F7B886954E4A", "versionEndExcluding": "4.9.337", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E7450AD-4739-46F0-B81B-C02E7B35A97B", "versionEndExcluding": "4.14.303", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE8904A3-99BE-4E49-9682-1F90A6373F4F", "versionEndExcluding": "4.19.270", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0C0D95E-414A-445E-941B-3EF6A4D3A093", "versionEndExcluding": "5.4.229", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CD83369-DB79-46EF-B731-E327A63A4E1B", "versionEndExcluding": "5.10.161", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0D49B1E-E996-4A13-9C5C-23C64BBD0E0F", "versionEndExcluding": "5.15.85", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E66ABBB-C60E-481F-88C6-ED81661DFC31", "versionEndExcluding": "6.0.15", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB047947-8B25-46FD-8AEA-A916F4A3DC71", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6DFB454D-4F85-4BE2-8CC9-70245EAE4D31", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix preallocation discarding at indirect extent boundary\n\nWhen preallocation extent is the first one in the extent block, the\ncode would corrupt extent tree header instead. Fix the problem and use\nudf_delete_aext() for deleting extent to avoid some code duplication."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: udf: Se corrige el descarte de preasignaci\u00f3n en el l\u00edmite de extensi\u00f3n indirecta. Cuando la extensi\u00f3n de preasignaci\u00f3n es la primera en el bloque de extensi\u00f3n, el c\u00f3digo corromper\u00eda el encabezado del \u00e1rbol de extensi\u00f3n. Corrija el problema y use udf_delete_aext() para eliminar la extensi\u00f3n y evitar la duplicaci\u00f3n de c\u00f3digo."}], "id": "CVE-2022-48946", "lastModified": "2024-10-25T20:13:39.847", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-21T20:15:06.020", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/12a88f572d6d94b5c0b72e2d1782cc2e96ac06cf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1a075f4a549481ce6e8518d8379f193ccec6b746"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4d835efd561dfb9bf5409f11f4ecd428d5d29226"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/63dbbd8f1499b0a161e701a04aa50148d60bd1f7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/72f651c96c8aadf087fd782d551bf7db648a8c2e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7665857f88557c372da35534165721156756f77f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ae56d9a017724f130cf1a263dd82a78d2a6e3852"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c8b6fa4511a7900db9fb0353b630d4d2ed1ba99c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cfe4c1b25dd6d2f056afc00b7c98bcb3dd0b1fc3"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: udf: Fix preallocation discarding at indirect extent boundary", "id": "2320738", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320738"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-119", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nudf: Fix preallocation discarding at indirect extent boundary\nWhen preallocation extent is the first one in the extent block, the\ncode would corrupt extent tree header instead. Fix the problem and use\nudf_delete_aext() for deleting extent to avoid some code duplication."], "name": "CVE-2022-48946", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48946\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48946\nhttps://lore.kernel.org/linux-cve-announce/2024102138-CVE-2022-48946-5989@gregkh/T"], "threat_severity": "Moderate"}