CVE-2022-49166 in Linux

Summary

by MITRE • 02/26/2025

In the Linux kernel, the following vulnerability has been resolved:

ntfs: add sanity check on allocation size

ntfs_read_inode_mount invokes ntfs_malloc_nofs with zero allocation size. It triggers one BUG in the __ntfs_malloc function.

Fix this by adding sanity check on ni->attr_list_size.


Analysis

by VulDB Data Team • 10/16/2025

CVE-2022-49166 is a critical memory management flaw in the Linux kernel's ntfs driver that can cause system instability and potentially privilege escalation. It affects the ntfs filesystem implementation within the kernel's file system subsystem: improper handling of allocation sizes while reading inodes creates a condition that triggers a kernel BUG. The root cause is missing input validation when processing ntfs filesystem structures, specifically in the ntfs_read_inode_mount function, which reads and initializes inode data structures during filesystem mount.

The flaw occurs when ntfs_read_inode_mount calls ntfs_malloc_nofs with a zero allocation size; that size reaches the __ntfs_malloc function, where the kernel BUG fires. This is a classic case of inadequate bounds checking and parameter validation. The vulnerability is categorized under CWE-129, "Improper Validation of Array Index", and also relates to CWE-682, "Incorrect Calculation", since the mishandled allocation size leads to incorrect memory management operations. The defect lies in the ntfs driver's allocation logic, which fails to verify that the allocation size is non-zero before calling the allocator.

The operational impact goes beyond a simple crash: the kernel BUG can be reached through crafted ntfs filesystem structures or malicious file content. When __ntfs_malloc is handed a zero allocation size, it triggers an internal kernel assertion failure that typically results in a system panic or reboot, i.e. a denial of service. If an attacker controls the ntfs filesystem structure data, the condition could potentially be leveraged in more sophisticated attacks leading to privilege escalation or information disclosure. The ATT&CK framework maps this to T1068, "Exploitation for Privilege Escalation", and to T1499, "Endpoint Denial of Service", given the potential for system instability and service disruption.

The fix for CVE-2022-49166 adds a sanity check on ni->attr_list_size before any memory allocation takes place. This defensive check makes the ntfs driver validate its input and stops an invalid allocation size from propagating to the underlying memory management functions, addressing the root cause by rejecting zero or otherwise invalid sizes before the allocator is invoked. The mitigation aligns with kernel development best practices and with the principle of least privilege, in that every system resource is validated before use, and it demonstrates the error handling and input validation needed to keep the kernel stable and to prevent exploitation of memory management flaws. System administrators should prioritize applying this kernel patch, since it addresses a critical stability issue that could be exploited to cause system-wide disruption wherever ntfs filesystems are actively mounted and used.
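To make the "before" and "after" concrete, here is an added, self-contained C model of the pattern described above. It is not the kernel's ntfs code and not the upstream patch: the allocator stand-in records that a BUG would fire instead of aborting, the inode struct is a minimal stand-in for ni->attr_list_size, and the upper bound MODEL_MAX_ATTR_LIST_SIZE is an assumed limit (the page only says a sanity check was added, not what it compares against). The unchecked path passes an on-disk size straight to the allocator, as the vulnerable code did; the checked path rejects a zero or implausible size with an error so a corrupt image fails the mount rather than panicking the kernel.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed upper bound on a plausible attribute list; a constructed value,
 * not one taken from the kernel or the fix. */
#define MODEL_MAX_ATTR_LIST_SIZE (1u << 20)

/* Stand-in for __ntfs_malloc: the real helper BUG()s on a zero size.
 * Here we record that the assertion would fire instead of aborting. */
static int model_bug_triggered;

static void *model_ntfs_malloc_nofs(size_t size)
{
    if (size == 0) {
        model_bug_triggered = 1;   /* kernel: BUG() -> oops/panic */
        return NULL;
    }
    return calloc(1, size);
}

/* Minimal stand-in for the fields the driver fills from on-disk data. */
struct model_ntfs_inode {
    uint32_t attr_list_size;   /* read from the (untrusted) filesystem image */
    void *attr_list;
};

/* "Before": trusts attr_list_size and allocates unconditionally.
 * Returns 0 on success, -1 on failure. */
static int model_read_inode_mount_unchecked(struct model_ntfs_inode *ni)
{
    ni->attr_list = model_ntfs_malloc_nofs(ni->attr_list_size);
    return ni->attr_list ? 0 : -1;
}

/* "After": validate before allocating. A zero or implausibly large size
 * from the image is rejected with an error instead of reaching the allocator. */
static int model_read_inode_mount_checked(struct model_ntfs_inode *ni)
{
    if (ni->attr_list_size == 0 ||
        ni->attr_list_size > MODEL_MAX_ATTR_LIST_SIZE) {
        return -1;   /* corrupt image: fail the mount, do not BUG() */
    }
    ni->attr_list = model_ntfs_malloc_nofs(ni->attr_list_size);
    return ni->attr_list ? 0 : -1;
}

/* Run one on-disk size through a path; report whether the BUG stand-in fired. */
static int model_bug_fires(uint32_t size,
                           int (*path)(struct model_ntfs_inode *))
{
    struct model_ntfs_inode ni = { .attr_list_size = size, .attr_list = NULL };
    model_bug_triggered = 0;
    path(&ni);
    free(ni.attr_list);
    return model_bug_triggered;
}

/* Run one on-disk size through a path; report the path's return code. */
static int model_path_result(uint32_t size,
                             int (*path)(struct model_ntfs_inode *))
{
    struct model_ntfs_inode ni = { .attr_list_size = size, .attr_list = NULL };
    model_bug_triggered = 0;
    int rc = path(&ni);
    free(ni.attr_list);
    return rc;
}

int main(void)
{
    printf("unchecked, size 0 : BUG fires = %d\n",
           model_bug_fires(0, model_read_inode_mount_unchecked));
    printf("checked,   size 0 : BUG fires = %d, rc = %d\n",
           model_bug_fires(0, model_read_inode_mount_checked),
           model_path_result(0, model_read_inode_mount_checked));
    printf("checked,   size 64: BUG fires = %d, rc = %d\n",
           model_bug_fires(64, model_read_inode_mount_checked),
           model_path_result(64, model_read_inode_mount_checked));
    return 0;
}
```

The point of the model is the ordering: the size read from untrusted media is checked in the caller, before the allocator sees it, so the allocator's internal assertion never becomes the only line of defense. Any kernel path that derives an allocation size from on-disk or network data wants the same shape of check.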

Responsible

Linux

Reservation

02/26/2025

Disclosure

02/26/2025

Moderation

accepted

CPE

ready

EPSS

0.00246

KEV

no

Activities

very low

Sources
