CVE-2022-0480
Published 2022-08-29
Medium · 5.5 · CVSS 3.1
AV:L / AC:L / PR:L / UI:N / S:U / C:N / I:N / A:H
A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 5.15.3-1 (bookworm) | linux 5.15.3-1 (bookworm) |
| linux | linux_kernel | < 5.15 | 5.15 |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.15.3-1 | 5.15.3-1 |
| linux | linux_kernel | >= 0 < 5.15.3-1 | 5.15.3-1 |
| linux | linux_kernel | >= 0 < 5.15.3-1 | 5.15.3-1 |
| msrc | cm1_kernel_5.10.189.1-1_on_cbl_mariner_1.0 | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvd · v3.1 · 5.5 · MEDIUM · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv · 5.5 · MEDIUM
GHSA
GHSA-gjf9-j6hw-q3hj: A flaw was found in the filelock_init in fs/locks
ghsa_unreviewed·2022-08-29
CVE-2022-0480 [MEDIUM] CWE-770 GHSA-gjf9-j6hw-q3hj
A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.
OSV
CVE-2022-0480: A flaw was found in the filelock_init in fs/locks
osv·2022-08-29·CVSS 5.5
CVE-2022-0480 [MEDIUM]
A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.
Microsoft
A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interf
vendor_msrc·2022-08-09·CVSS 5.5
CVE-2022-0480 [MEDIUM] CWE-770
A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identif
Red Hat
kernel: memcg does not limit the number of POSIX file locks allowing memory exhaustion
vendor_redhat·2022-01-03·CVSS 5.5
CVE-2022-0480 [MEDIUM] CWE-770
A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Package: kernel
Debian
CVE-2022-0480: linux - A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel...
vendor_debian·2022·CVSS 5.5
CVE-2022-0480 [MEDIUM]
A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.
Scope: local
bookworm: resolved (fixed in 5.15.3-1)
bullseye: open
forky: resolved (fixed in 5.15.3-1)
sid: resolved (fixed in 5.15.3-1)
trixie: resolved (fixed in 5.15.3-1)
No detection rules found.
No public exploits indexed.
https://access.redhat.com/security/cve/CVE-2022-0480
https://bugzilla.redhat.com/show_bug.cgi?id=2049700
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042
https://github.com/kata-containers/kata-containers/issues/3373
https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/
https://ubuntu.com/security/CVE-2022-0480
Published: 2022-08-29