CVE-2022-50348

Summary

In the Linux kernel, the following vulnerability has been resolved:

nfsd: Fix a memory leak in an error handling path

If this memdup_user() call fails, the memory allocated in a previous call a few lines above should be freed. Otherwise it leaks.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux6ee95d1c899186c0798cafd25998d436bcdb9618 < acc393aecda05bf64ed13b732931462e07a1bf08affected
LinuxLinux6ee95d1c899186c0798cafd25998d436bcdb9618 < e060c4b9f33c1fca74df26d57a98e784295327e6affected
LinuxLinux6ee95d1c899186c0798cafd25998d436bcdb9618 < aed8816305575b38dcc77feb6f1bc1d0ed32f5b8affected
LinuxLinux6ee95d1c899186c0798cafd25998d436bcdb9618 < 733dd17158f96aaa25408dc39bbb2738fda9300eaffected
LinuxLinux6ee95d1c899186c0798cafd25998d436bcdb9618 < cc3bca2110ac85cd964da997ef83d84cab0d49fbaffected
LinuxLinux6ee95d1c899186c0798cafd25998d436bcdb9618 < fd1ef88049de09bc70d60b549992524cfc0e66ffaffected
LinuxLinux5.4affected
LinuxLinux0 < 5.4unaffected
LinuxLinux5.4.220 <= 5.4.*unaffected
LinuxLinux5.10.150 <= 5.10.*unaffected
LinuxLinux5.15.75 <= 5.15.*unaffected
LinuxLinux5.19.17 <= 5.19.*unaffected
LinuxLinux6.0.3 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References