CVE-2022-1304

Published: 14 April 2022

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.

Priority

CVSS 3 base score: 7.8

Status

Package	Release	Status
e2fsprogs Launchpad, Ubuntu, Debian	bionic	Released (1.44.1-1ubuntu1.4)
	focal	Released (1.45.5-2ubuntu1.1)
	impish	Released (1.46.3-1ubuntu3.1)
	jammy	Released (1.46.5-2ubuntu1.1)
	trusty	Released (1.42.9-3ubuntu1.3+esm3)
	upstream	Pending
	xenial	Released (1.42.13-1ubuntu1.2+esm1)
	Patches: upstream: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=maint&id=ab51d587bb9b229b1fade1afd02e1574c1ba5c76

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1304
https://marc.info/?l=linux-ext4&m=165056234501732&w=2
https://ubuntu.com/security/notices/USN-5464-1
NVD
Launchpad
Debian

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=2069726
https://bugzilla.redhat.com/show_bug.cgi?id=2068113
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›