CVE-2022-48668

In the Linux kernel, the following vulnerability has been resolved: smb3: fix temporary data corruption in collapse range collapse range doesn't discard the affected cached region so can risk temporarily corrupting the file data. This fixes xfstest generic/031 I also decided to merge a minor cleanup to this into the same patch (avoiding rereading inode size repeatedly unnecessarily) to make it clearer.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/49523a4732204bdacbf3941a016503ddb4ddb3b9	Patch
https://git.kernel.org/stable/c/fa30a81f255a56cccd89552cd6ce7ea6e8d8acc4	Patch
https://git.kernel.org/stable/c/49523a4732204bdacbf3941a016503ddb4ddb3b9	Patch
https://git.kernel.org/stable/c/fa30a81f255a56cccd89552cd6ce7ea6e8d8acc4	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.0:rc3::::::

History

18 Sep 2025, 13:59

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:6.0:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.0:rc3:::::: cpe:2.3:o:linux:linux_kernel::::::::
References	~~() https://git.kernel.org/stable/c/49523a4732204bdacbf3941a016503ddb4ddb3b9 -~~	() https://git.kernel.org/stable/c/49523a4732204bdacbf3941a016503ddb4ddb3b9 - Patch
References	~~() https://git.kernel.org/stable/c/fa30a81f255a56cccd89552cd6ce7ea6e8d8acc4 -~~	() https://git.kernel.org/stable/c/fa30a81f255a56cccd89552cd6ce7ea6e8d8acc4 - Patch
First Time		Linux Linux linux Kernel
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 3.3

Information

Published : 2024-04-28 13:15

Updated : 2025-09-19 15:04

NVD link : CVE-2022-48668

Mitre link : CVE-2022-48668

CVE.ORG link : CVE-2022-48668

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-48668", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2024-04-28T13:15:08.203", "references": [{"url": "https://git.kernel.org/stable/c/49523a4732204bdacbf3941a016503ddb4ddb3b9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fa30a81f255a56cccd89552cd6ce7ea6e8d8acc4", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/49523a4732204bdacbf3941a016503ddb4ddb3b9", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/fa30a81f255a56cccd89552cd6ce7ea6e8d8acc4", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb3: fix temporary data corruption in collapse range\n\ncollapse range doesn't discard the affected cached region\nso can risk temporarily corrupting the file data. This\nfixes xfstest generic/031\n\nI also decided to merge a minor cleanup to this into the same patch\n(avoiding rereading inode size repeatedly unnecessarily) to make it\nclearer."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: smb3: corrige la corrupci\u00f3n temporal de datos en el rango de contracci\u00f3n el rango de contracci\u00f3n no descarta la regi\u00f3n en cach\u00e9 afectada, por lo que puede correr el riesgo de corromper temporalmente los datos del archivo. Esto corrige xfstest generic/031. Tambi\u00e9n decid\u00ed fusionar una limpieza menor en el mismo parche (evitando volver a leer el tama\u00f1o del inodo repetidamente innecesariamente) para que quede m\u00e1s claro."}], "lastModified": "2025-09-19T15:04:39.217", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B43EFD11-EBB4-4644-BD8C-DA94E125A946", "versionEndExcluding": "5.19.12", "versionStartIncluding": "5.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8BD11A3-8643-49B6-BADE-5029A0117325"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F0AD220-F6A9-4012-8636-155F1B841FAD"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A46498B3-78E1-4623-AAE1-94D29A42BE4E"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}