github - ghsa-83h3-pmwm-wj9j

ghsa-83h3-pmwm-wj9j

Vulnerability from github

Published

2025-03-27 18:31

Modified

2025-03-27 18:31

Details

In the Linux kernel, the following vulnerability has been resolved:

ovl: Use "buf" flexible array for memcpy() destination

The "buf" flexible array needs to be the memcpy() destination to avoid false positive run-time warning from the recent FORTIFY_SOURCE hardening:

memcpy: detected field-spanning write (size 93) of single field "&fh->fb" at fs/overlayfs/export.c:799 (size 21)

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-49743"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-27T17:15:38Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: Use \"buf\" flexible array for memcpy() destination\n\nThe \"buf\" flexible array needs to be the memcpy() destination to avoid\nfalse positive run-time warning from the recent FORTIFY_SOURCE\nhardening:\n\n  memcpy: detected field-spanning write (size 93) of single field \"\u0026fh-\u003efb\"\n  at fs/overlayfs/export.c:799 (size 21)",
  "id": "GHSA-83h3-pmwm-wj9j",
  "modified": "2025-03-27T18:31:24Z",
  "published": "2025-03-27T18:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49743"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/07a96977b2f462337a9121302de64277b8747ab1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a77141a06367825d639ac51b04703d551163e36c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cf8aa9bf97cadf85745506c6a3e244b22c268d63"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2022-49743 (GCVE-0-2022-49743)

Vulnerability from cvelistv5

Published

2025-03-27 16:42

Modified

2025-05-04 08:44

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: ovl: Use "buf" flexible array for memcpy() destination The "buf" flexible array needs to be the memcpy() destination to avoid false positive run-time warning from the recent FORTIFY_SOURCE hardening: memcpy: detected field-spanning write (size 93) of single field "&fh->fb" at fs/overlayfs/export.c:799 (size 21)

References

►

URL

Tags

	https://git.kernel.org/stable/c/a77141a06367825d639ac51b04703d551163e36c
	https://git.kernel.org/stable/c/07a96977b2f462337a9121302de64277b8747ab1
	https://git.kernel.org/stable/c/cf8aa9bf97cadf85745506c6a3e244b22c268d63

Impacted products

Vendor

Product

Version

►

Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Show details on NVD website

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/overlayfs/export.c",
            "fs/overlayfs/overlayfs.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a77141a06367825d639ac51b04703d551163e36c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "07a96977b2f462337a9121302de64277b8747ab1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "cf8aa9bf97cadf85745506c6a3e244b22c268d63",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/overlayfs/export.c",
            "fs/overlayfs/overlayfs.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.93",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: Use \"buf\" flexible array for memcpy() destination\n\nThe \"buf\" flexible array needs to be the memcpy() destination to avoid\nfalse positive run-time warning from the recent FORTIFY_SOURCE\nhardening:\n\n  memcpy: detected field-spanning write (size 93) of single field \"\u0026fh-\u003efb\"\n  at fs/overlayfs/export.c:799 (size 21)"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:44:26.260Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a77141a06367825d639ac51b04703d551163e36c"
        },
        {
          "url": "https://git.kernel.org/stable/c/07a96977b2f462337a9121302de64277b8747ab1"
        },
        {
          "url": "https://git.kernel.org/stable/c/cf8aa9bf97cadf85745506c6a3e244b22c268d63"
        }
      ],
      "title": "ovl: Use \"buf\" flexible array for memcpy() destination",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-49743",
    "datePublished": "2025-03-27T16:42:54.289Z",
    "dateReserved": "2025-03-27T16:39:17.987Z",
    "dateUpdated": "2025-05-04T08:44:26.260Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.