CVE-2022-50072

Summary

In the Linux kernel, the following vulnerability has been resolved:

NFSv4/pnfs: Fix a use-after-free bug in open

If someone cancels the open RPC call, then we must not try to free either the open slot or the layoutget operation arguments, since they are likely still in use by the hung RPC call.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux6b3fc1496e7227cd6a39a80bbfb7588ef7c7a010 < 0fffb46ff3d5ed4668aca96441ec7a25b793bd6faffected
LinuxLinuxa2b3be930e79cc5d9d829f158e31172b2043f0cd < f7ee3b772d9de87387a725caa04bc041ac7fe5ecaffected
LinuxLinux0ee5b9644f06b4d3cdcd9544f43f63312e425a4c < 76ffd2042438769298f34b76102b40dea89de616affected
LinuxLinuxd4c2a041ed3ba114502d5ed6ace5b1a48d637a8e < a4cf3dadd1fa43609f7c6570c9116b0e0a9923d1affected
LinuxLinux6949493884fe88500de4af182588e071cf1544ee < b03d1117e9be7c7da60e466eaf9beed85c5916c8affected
LinuxLinux6949493884fe88500de4af182588e071cf1544ee < 2135e5d56278ffdb1c2e6d325dc6b87f669b9dacaffected
LinuxLinux08d7a26d115cc7892668baa9750f64bd8baca29baffected
LinuxLinuxea759ae0a9ae5acee677d722129710ac89cc59c1affected
LinuxLinux4.19.247 < 4.19.256affected
LinuxLinux5.4.198 < 5.4.211affected
LinuxLinux5.10.122 < 5.10.138affected
LinuxLinux5.15.47 < 5.15.63affected
LinuxLinux5.17.15 < 5.18affected
LinuxLinux5.18.4 < 5.19affected
LinuxLinux5.19affected
LinuxLinux0 < 5.19unaffected
LinuxLinux4.19.256 <= 4.19.*unaffected
LinuxLinux5.4.211 <= 5.4.*unaffected
LinuxLinux5.10.138 <= 5.10.*unaffected
LinuxLinux5.15.63 <= 5.15.*unaffected
LinuxLinux5.19.4 <= 5.19.*unaffected
LinuxLinux6.0 <= *unaffected

Weaknesses

References