CVE-2022-49550

MEDIUM

Linux Kernel 5.18-5.18.2 - Use-After-Free in NTFS3 Filesystem

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: provide block_invalidate_folio to fix memory leak The ntfs3 filesystem lacks the 'invalidate_folio' method and it causes memory leak. If you write to the filesystem and then unmount it, the cached written data are not freed and they are permanently leaked.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/0753245a72ec99824677586499ee2e0919164b3f

Patch

https://git.kernel.org/stable/c/724bbe49c5e427cb077357d72d240a649f2e4054

Scores

CVSS v3 5.5

EPSS 0.0020

EPSS Percentile 10.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (8)

linux/Kernel 5.18.0 - 5.18.3linux

Linux/Linux < 5.18

Linux/Linux 5.18

Linux/Linux 5.18.3 - 5.18.*

Linux/Linux 5.19

Linux/Linux 7ba13abbd31ee9265e88d7dc029c0f786e665192 - 0753245a72ec99824677586499ee2e0919164b3f

Linux/Linux 7ba13abbd31ee9265e88d7dc029c0f786e665192 - 724bbe49c5e427cb077357d72d240a649f2e4054

linux/linux_kernel 5.18 - 5.18.3

Published Feb 26, 2025

Tracked Since Feb 18, 2026