CVE-2022-50302 — Access of Uninitialized Pointer in Linux

CWE-824 — Access of Uninitialized Pointer4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 95.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel

Timeline

PublishedSep 15

Description

In the Linux kernel, the following vulnerability has been resolved: lockd: set other missing fields when unlocking files vfs_lock_file() expects the struct file_lock to be fully initialised by the caller. Re-exported NFSv3 has been seen to Oops if the fl_file field is NULL.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDlinux/linux_kernel5.15.56 — 5.15.86+4

▶Ubuntulinux/linux_kernel< 5.15.0-69.76

▶CVEListV5linux/linux486c1acf14233b1ff7b37e6f026a737a2f7f53f1 — 31c93ee5f1e4dc278b562e20f3c3274ac34997f3+6

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

CVE-2022-50302: In the Linux kernel, the following vulnerability has been resolved: lockd: set other missing fields when unlocking files vfs_lock_file() expects the s↗2025-09-15

▶

GHSA

GHSA-wj7r-jvv5-837p: In the Linux kernel, the following vulnerability has been resolved: lockd: set other missing fields when unlocking files vfs_lock_file() expects the↗2025-09-15

▶

📋Vendor Advisories

Red Hat

kernel: Linux kernel lockd: Denial of Service via uninitialized file lock field in NFSv3↗2025-09-15

▶