{"id":"CVE-2022-50403","details":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix undefined behavior in bit shift for ext4_check_flag_values\n\nShifting signed 32-bit value by 31 bits is undefined, so changing\nsignificant bit to unsigned. The UBSAN warning calltrace like below:\n\nUBSAN: shift-out-of-bounds in fs/ext4/ext4.h:591:2\nleft shift of 1 by 31 places cannot be represented in type 'int'\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x7d/0xa5\n dump_stack+0x15/0x1b\n ubsan_epilogue+0xe/0x4e\n __ubsan_handle_shift_out_of_bounds+0x1e7/0x20c\n ext4_init_fs+0x5a/0x277\n do_one_initcall+0x76/0x430\n kernel_init_freeable+0x3b3/0x422\n kernel_init+0x24/0x1e0\n ret_from_fork+0x1f/0x30\n \u003c/TASK\u003e","modified":"2025-09-22T15:10:46.679004Z","published":"2025-09-18T16:15:43Z","withdrawn":"2025-09-23T00:59:33.355009Z","references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/205ac16628aca9093931fcbdb4bcd00d0eb94132"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3bf678a0f9c017c9ba7c581541dbc8453452a7ae"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4690a4bdcf1470cb161aff1be30bd143b9dffd89"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5da9e607547f73dc7a643f35b0487992fd66910f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/743e9d708743d98464ccbd56e820d87dc6d1d629"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7753d6657873a2523a9989e6c09090cd503bbcda"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d7f93fc6fba8ff017be871be7edf8614a785ccad"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dd5639d36a5e4e42fd0fe05cc0b2ad9ddd3fca9d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f9cd6980800bbfd11bf94eb5f942049d4d4eaa52"},{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2022-50403"}],"affected":[{"package":{"name":"linux","ecosystem":"Debian:11","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.178-1"}]}],"versions":["5.10.103-1","5.10.103-1~bpo10+1","5.10.106-1","5.10.113-1","5.10.120-1","5.10.120-1~bpo10+1","5.10.127-1","5.10.127-2","5.10.127-2~bpo10+1","5.10.136-1","5.10.140-1","5.10.148-1","5.10.149-1","5.10.149-2","5.10.158-1","5.10.158-2","5.10.162-1","5.10.46-4","5.10.46-5","5.10.70-1","5.10.70-1~bpo10+1","5.10.84-1","5.10.92-1","5.10.92-1~bpo10+1","5.10.92-2"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50403.json"}},{"package":{"name":"linux","ecosystem":"Debian:12","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.1.4-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50403.json"}},{"package":{"name":"linux","ecosystem":"Debian:13","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.1.4-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50403.json"}},{"package":{"name":"linux","ecosystem":"Debian:14","purl":"pkg:deb/debian/linux?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.1.4-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50403.json"}}],"schema_version":"1.7.3"}