Vulnerabilities > CVE-2022-48425 - Release of Invalid Pointer or Reference vulnerability in Linux Kernel

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
linux
CWE-763

Summary

In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs.

Vulnerable Configurations

Part Description Count
OS
Linux
4687

Common Weakness Enumeration (CWE)