{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50581","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-10-22T13:20:23.762Z","datePublished":"2025-10-22T13:23:33.421Z","dateUpdated":"2026-05-11T19:22:11.562Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:22:11.562Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix OOB Read in __hfs_brec_find\n\nSyzbot reported a OOB read bug:\n\n==================================================================\nBUG: KASAN: slab-out-of-bounds in hfs_strcmp+0x117/0x190\nfs/hfs/string.c:84\nRead of size 1 at addr ffff88807eb62c4e by task kworker/u4:1/11\nCPU: 1 PID: 11 Comm: kworker/u4:1 Not tainted\n6.1.0-rc6-syzkaller-00308-g644e9524388a #0\nWorkqueue: writeback wb_workfn (flush-7:0)\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n print_address_description+0x74/0x340 mm/kasan/report.c:284\n print_report+0x107/0x1f0 mm/kasan/report.c:395\n kasan_report+0xcd/0x100 mm/kasan/report.c:495\n hfs_strcmp+0x117/0x190 fs/hfs/string.c:84\n __hfs_brec_find+0x213/0x5c0 fs/hfs/bfind.c:75\n hfs_brec_find+0x276/0x520 fs/hfs/bfind.c:138\n hfs_write_inode+0x34c/0xb40 fs/hfs/inode.c:462\n write_inode fs/fs-writeback.c:1440 [inline]\n\nIf the input inode of hfs_write_inode() is incorrect:\nstruct inode\n  struct hfs_inode_info\n    struct hfs_cat_key\n      struct hfs_name\n        u8 len # len is greater than HFS_NAMELEN(31) which is the\nmaximum length of an HFS filename\n\nOOB read occurred:\nhfs_write_inode()\n  hfs_brec_find()\n    __hfs_brec_find()\n      hfs_cat_keycmp()\n        hfs_strcmp() # OOB read occurred due to len is too large\n\nFix this by adding a Check on len in hfs_write_inode() before calling\nhfs_brec_find()."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/hfs/inode.c"],"versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"8c40f2dbae603ef0bd21e87c63f54ec59fd88256","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"c886c10a6eddb99923b315f42bf63f448883ef9a","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"2344f17c0a89c181ab1a9fef57fd8c3bddfd6e30","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"90103ccb6e60aa4efe48993d23d6a528472f2233","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"4fd3a11804c8877ff11fec59c5c53f1635331e3e","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"367296925c7625c3969d2a78d7a3e1dee161beb5","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"e9e692917c6e10a7066c7a6d092dcdc3d4e329f3","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"bfc9d8f27f89717431a6aecce42ae230b437433f","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"8d824e69d9f3fa3121b2dda25053bae71e2460d2","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/hfs/inode.c"],"versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","status":"unaffected","versionType":"semver"},{"version":"4.9.337","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.303","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.270","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.229","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.163","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.86","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.0.16","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1.2","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"4.9.337"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"4.14.303"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"4.19.270"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.4.229"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.10.163"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.15.86"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.0.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.1.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/8c40f2dbae603ef0bd21e87c63f54ec59fd88256"},{"url":"https://git.kernel.org/stable/c/c886c10a6eddb99923b315f42bf63f448883ef9a"},{"url":"https://git.kernel.org/stable/c/2344f17c0a89c181ab1a9fef57fd8c3bddfd6e30"},{"url":"https://git.kernel.org/stable/c/90103ccb6e60aa4efe48993d23d6a528472f2233"},{"url":"https://git.kernel.org/stable/c/4fd3a11804c8877ff11fec59c5c53f1635331e3e"},{"url":"https://git.kernel.org/stable/c/367296925c7625c3969d2a78d7a3e1dee161beb5"},{"url":"https://git.kernel.org/stable/c/e9e692917c6e10a7066c7a6d092dcdc3d4e329f3"},{"url":"https://git.kernel.org/stable/c/bfc9d8f27f89717431a6aecce42ae230b437433f"},{"url":"https://git.kernel.org/stable/c/8d824e69d9f3fa3121b2dda25053bae71e2460d2"}],"title":"hfs: fix OOB Read in __hfs_brec_find","x_generator":{"engine":"bippy-1.2.0"}}}}