CVE-2022-50401Double Free in Linux

CWE-415Double Free5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 96.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedSep 18

Description

In the Linux kernel, the following vulnerability has been resolved: nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure On error situation `clp->cl_cb_conn.cb_xprt` should not be given a reference to the xprt otherwise both client cleanup and the error handling path of the caller call to put it. Better to delay handing over the reference to a later branch. [ 72.530665] refcount_t: underflow; use-after-free. [ 72.531933] WARNING: CPU: 0 PID: 173 at lib/refcount.c:28 refcount_war

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel4.4.2294.5+8
Debianlinux/linux_kernel< 5.10.178-1+3
CVEListV5linux/linux69151594c72a1748cf93ae5b5fa68d5084253dce707bcca9616002d204091ca7c4d1d91151104332+11
debiandebian/linux< linux 6.1.4-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-3854-9jq2-j856: In the Linux kernel, the following vulnerability has been resolved: nfsd: under NFSv42025-09-18
OSV
CVE-2022-50401: In the Linux kernel, the following vulnerability has been resolved: nfsd: under NFSv42025-09-18

📋Vendor Advisories

2
Red Hat
kernel: nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure2025-09-18
Debian
CVE-2022-50401: linux - In the Linux kernel, the following vulnerability has been resolved: nfsd: under...2022
CVE-2022-50401 — Double Free in Linux | cvebase