{"id":"CVE-2022-50747","summary":"hfs: Fix OOB Write in hfs_asc2mac","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: Fix OOB Write in hfs_asc2mac\n\nSyzbot reported a OOB Write bug:\n\nloop0: detected capacity change from 0 to 64\n==================================================================\nBUG: KASAN: slab-out-of-bounds in hfs_asc2mac+0x467/0x9a0\nfs/hfs/trans.c:133\nWrite of size 1 at addr ffff88801848314e by task syz-executor391/3632\n\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n print_address_description+0x74/0x340 mm/kasan/report.c:284\n print_report+0x107/0x1f0 mm/kasan/report.c:395\n kasan_report+0xcd/0x100 mm/kasan/report.c:495\n hfs_asc2mac+0x467/0x9a0 fs/hfs/trans.c:133\n hfs_cat_build_key+0x92/0x170 fs/hfs/catalog.c:28\n hfs_lookup+0x1ab/0x2c0 fs/hfs/dir.c:31\n lookup_open fs/namei.c:3391 [inline]\n open_last_lookups fs/namei.c:3481 [inline]\n path_openat+0x10e6/0x2df0 fs/namei.c:3710\n do_filp_open+0x264/0x4f0 fs/namei.c:3740\n\nIf in-\u003elen is much larger than HFS_NAMELEN(31) which is the maximum\nlength of an HFS filename, a OOB write could occur in hfs_asc2mac(). In\nthat case, when the dst reaches the boundary, the srclen is still\ngreater than 0, which causes a OOB write.\nFix this by adding a check on dstlen in while() before writing to dst\naddress.","modified":"2026-03-20T12:22:37.632237Z","published":"2025-12-24T13:05:43.347Z","related":["SUSE-SU-2026:0263-1","SUSE-SU-2026:0316-1","SUSE-SU-2026:0317-1","SUSE-SU-2026:0411-1","SUSE-SU-2026:0617-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50747.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/6a95b17e4d4cd2d8278559f930b447f8c9c8cff9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7af9cb8cbb81308ce4b06cc7164267faccbf75dd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8399318b13dc9e0569dee07ba2994098926d4fb2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/88579c158e026860c61c4192531e8bc42f4bc642"},{"type":"WEB","url":"https://git.kernel.org/stable/c/95040de81c629cd8d3c6ab5b50a8bd5088068303"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ae21b03f904736eb2aa9bd119d2a14e741f1681f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ba8f0ca386dd15acf5a93cbac932392c7818eab4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c53ed55cb275344086e32a7080a6b19cb183650b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cff9fefdfbf5744afbb6d70bff2b49ec2065d23d"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50747.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50747"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"328b9227865026268261a24a97a578907b280415"},{"fixed":"8399318b13dc9e0569dee07ba2994098926d4fb2"},{"fixed":"95040de81c629cd8d3c6ab5b50a8bd5088068303"},{"fixed":"ba8f0ca386dd15acf5a93cbac932392c7818eab4"},{"fixed":"6a95b17e4d4cd2d8278559f930b447f8c9c8cff9"},{"fixed":"cff9fefdfbf5744afbb6d70bff2b49ec2065d23d"},{"fixed":"7af9cb8cbb81308ce4b06cc7164267faccbf75dd"},{"fixed":"ae21b03f904736eb2aa9bd119d2a14e741f1681f"},{"fixed":"88579c158e026860c61c4192531e8bc42f4bc642"},{"fixed":"c53ed55cb275344086e32a7080a6b19cb183650b"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50747.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.14"},{"fixed":"4.9.337"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.10.0"},{"fixed":"4.14.303"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.15.0"},{"fixed":"4.19.270"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.229"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.163"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.86"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.0.16"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.1.0"},{"fixed":"6.1.2"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50747.json"}}],"schema_version":"1.7.5"}