
CVE-2022-50367

In the Linux kernel, the following vulnerability has been resolved:

fs: fix UAF/GPF bug in nilfs_mdt_destroy

In alloc_inode, inode_init_always() could return -ENOMEM if
security_inode_alloc() fails, which leaves inode->i_private
uninitialized. Then nilfs_is_metadata_file_inode() returns
true and nilfs_free_inode() wrongly calls nilfs_mdt_destroy(),
which frees the uninitialized inode->i_private
and leads to crashes (e.g., UAF/GPF).

Fix this by moving security_inode_alloc just prior to
this_cpu_inc(nr_inodes).
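
The ordering problem described above, as an added userspace model (not kernel code and not part of the CVE record). All `model_*`, `init_always_*` and `free_path_*` names are hypothetical, the `0xAA` fill is a constructed stand-in for stale slab contents, and the non-NULL test stands in for nilfs_is_metadata_file_inode().

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model; all names are hypothetical, this is not kernel code. */
struct model_inode {
    void *i_private;              /* filesystem-private pointer */
};

/* Stand-in for security_inode_alloc(): fails on demand. */
static int model_security_alloc(int fail) { return fail ? -ENOMEM : 0; }

/* Old ordering: the early return skips the i_private initialisation. */
static int init_always_old(struct model_inode *in, int fail)
{
    if (model_security_alloc(fail))
        return -ENOMEM;
    in->i_private = NULL;
    return 0;
}

/* Fixed ordering: every field is set before the fallible step. */
static int init_always_fixed(struct model_inode *in, int fail)
{
    in->i_private = NULL;
    return model_security_alloc(fail);
}

/* Allocator error path: 1 if the free hook would free i_private. */
static int free_path_would_destroy(int (*init)(struct model_inode *, int))
{
    struct model_inode *in = malloc(sizeof(*in));
    int would_destroy = 0;
    if (!in)
        return -1;
    memset(in, 0xAA, sizeof(*in));    /* constructed stale slab contents */
    if (init(in, 1) != 0)             /* force the -ENOMEM path */
        would_destroy = (in->i_private != NULL);
    free(in);
    return would_destroy;
}

int main(void)
{
    printf("old=%d fixed=%d\n", free_path_would_destroy(init_always_old),
           free_path_would_destroy(init_always_fixed));
    return 0;
}
```

The model only reports whether the destroy path would be taken; it never frees the stale pointer.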

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default status: unaffected
Vendor: Linux
Product: Linux
Default status: affected

Version (from)   Version (<=)   Status
4.9.331          4.9.*          unaffected
4.14.296         4.14.*         unaffected
4.19.262         4.19.*         unaffected
5.4.218          5.4.*          unaffected
5.10.148         5.10.*         unaffected
5.15.73          5.15.*         unaffected
5.19.15          5.19.*         unaffected
6.0.1            6.0.*          unaffected
6.1              *              unaffected
No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS metrics
Type   Source      Score   Percentile
EPSS   FIRST.org   0.04%   0.127

CVSS metrics
Source   Base Score   Exploit Score   Impact Score   Vector String