CVE-2022-50241Use After Free in Linux

CWE-416Use After Free5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 93.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedSep 15

Description

In the Linux kernel, the following vulnerability has been resolved: NFSD: fix use-after-free on source server when doing inter-server copy Use-after-free occurred when the laundromat tried to free expired cpntf_state entry on the s2s_cp_stateids list after inter-server copy completed. The sc_cp_list that the expired copy state was inserted on was already freed. When COPY completes, the Linux client normally sends LOCKU(lock_state x), FREE_STATEID(lock_state x) and CLOSE(open_state y) to the s

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel5.115.15.75+3
Debianlinux/linux_kernel< 5.10.158-1+3
CVEListV5linux/linux624322f1adc58acd0b69f77a6ddc764207e97241bbacfcde5fff25ac22597e8373a065c647da6738+5
debiandebian/linux< linux 6.0.3-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2022-50241: In the Linux kernel, the following vulnerability has been resolved: NFSD: fix use-after-free on source server when doing inter-server copy Use-after-f2025-09-15
GHSA
GHSA-wc22-wv2f-7f64: In the Linux kernel, the following vulnerability has been resolved: NFSD: fix use-after-free on source server when doing inter-server copy Use-after2025-09-15

📋Vendor Advisories

2
Red Hat
kernel: NFSD: fix use-after-free on source server when doing inter-server copy2025-09-15
Debian
CVE-2022-50241: linux - In the Linux kernel, the following vulnerability has been resolved: NFSD: fix u...2022
CVE-2022-50241 — Use After Free in Linux | cvebase