{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50747","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-24T13:02:21.544Z","datePublished":"2025-12-24T13:05:43.347Z","dateUpdated":"2026-05-11T19:24:44.298Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:24:44.298Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: Fix OOB Write in hfs_asc2mac\n\nSyzbot reported a OOB Write bug:\n\nloop0: detected capacity change from 0 to 64\n==================================================================\nBUG: KASAN: slab-out-of-bounds in hfs_asc2mac+0x467/0x9a0\nfs/hfs/trans.c:133\nWrite of size 1 at addr ffff88801848314e by task syz-executor391/3632\n\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n print_address_description+0x74/0x340 mm/kasan/report.c:284\n print_report+0x107/0x1f0 mm/kasan/report.c:395\n kasan_report+0xcd/0x100 mm/kasan/report.c:495\n hfs_asc2mac+0x467/0x9a0 fs/hfs/trans.c:133\n hfs_cat_build_key+0x92/0x170 fs/hfs/catalog.c:28\n hfs_lookup+0x1ab/0x2c0 fs/hfs/dir.c:31\n lookup_open fs/namei.c:3391 [inline]\n open_last_lookups fs/namei.c:3481 [inline]\n path_openat+0x10e6/0x2df0 fs/namei.c:3710\n do_filp_open+0x264/0x4f0 fs/namei.c:3740\n\nIf in->len is much larger than HFS_NAMELEN(31) which is the maximum\nlength of an HFS filename, a OOB write could occur in hfs_asc2mac(). In\nthat case, when the dst reaches the boundary, the srclen is still\ngreater than 0, which causes a OOB write.\nFix this by adding a check on dstlen in while() before writing to dst\naddress."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/hfs/trans.c"],"versions":[{"version":"328b9227865026268261a24a97a578907b280415","lessThan":"8399318b13dc9e0569dee07ba2994098926d4fb2","status":"affected","versionType":"git"},{"version":"328b9227865026268261a24a97a578907b280415","lessThan":"95040de81c629cd8d3c6ab5b50a8bd5088068303","status":"affected","versionType":"git"},{"version":"328b9227865026268261a24a97a578907b280415","lessThan":"ba8f0ca386dd15acf5a93cbac932392c7818eab4","status":"affected","versionType":"git"},{"version":"328b9227865026268261a24a97a578907b280415","lessThan":"6a95b17e4d4cd2d8278559f930b447f8c9c8cff9","status":"affected","versionType":"git"},{"version":"328b9227865026268261a24a97a578907b280415","lessThan":"cff9fefdfbf5744afbb6d70bff2b49ec2065d23d","status":"affected","versionType":"git"},{"version":"328b9227865026268261a24a97a578907b280415","lessThan":"7af9cb8cbb81308ce4b06cc7164267faccbf75dd","status":"affected","versionType":"git"},{"version":"328b9227865026268261a24a97a578907b280415","lessThan":"ae21b03f904736eb2aa9bd119d2a14e741f1681f","status":"affected","versionType":"git"},{"version":"328b9227865026268261a24a97a578907b280415","lessThan":"88579c158e026860c61c4192531e8bc42f4bc642","status":"affected","versionType":"git"},{"version":"328b9227865026268261a24a97a578907b280415","lessThan":"c53ed55cb275344086e32a7080a6b19cb183650b","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/hfs/trans.c"],"versions":[{"version":"2.6.14","status":"affected"},{"version":"0","lessThan":"2.6.14","status":"unaffected","versionType":"semver"},{"version":"4.9.337","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.303","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.270","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.229","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.163","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.86","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.0.16","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1.2","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.14","versionEndExcluding":"4.9.337"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.14","versionEndExcluding":"4.14.303"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.14","versionEndExcluding":"4.19.270"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.14","versionEndExcluding":"5.4.229"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.14","versionEndExcluding":"5.10.163"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.14","versionEndExcluding":"5.15.86"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.14","versionEndExcluding":"6.0.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.14","versionEndExcluding":"6.1.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.14","versionEndExcluding":"6.2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/8399318b13dc9e0569dee07ba2994098926d4fb2"},{"url":"https://git.kernel.org/stable/c/95040de81c629cd8d3c6ab5b50a8bd5088068303"},{"url":"https://git.kernel.org/stable/c/ba8f0ca386dd15acf5a93cbac932392c7818eab4"},{"url":"https://git.kernel.org/stable/c/6a95b17e4d4cd2d8278559f930b447f8c9c8cff9"},{"url":"https://git.kernel.org/stable/c/cff9fefdfbf5744afbb6d70bff2b49ec2065d23d"},{"url":"https://git.kernel.org/stable/c/7af9cb8cbb81308ce4b06cc7164267faccbf75dd"},{"url":"https://git.kernel.org/stable/c/ae21b03f904736eb2aa9bd119d2a14e741f1681f"},{"url":"https://git.kernel.org/stable/c/88579c158e026860c61c4192531e8bc42f4bc642"},{"url":"https://git.kernel.org/stable/c/c53ed55cb275344086e32a7080a6b19cb183650b"}],"title":"hfs: Fix OOB Write in hfs_asc2mac","x_generator":{"engine":"bippy-1.2.0"}}}}