| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025061853-CVE-2022-50072-de2b@gregkh> Date: Wed, 18 Jun 2025 13:02:17 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50072: NFSv4/pnfs: Fix a use-after-free bug in open From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: NFSv4/pnfs: Fix a use-after-free bug in open If someone cancels the open RPC call, then we must not try to free either the open slot or the layoutget operation arguments, since they are likely still in use by the hung RPC call. The Linux kernel CVE team has assigned CVE-2022-50072 to this issue. Affected and fixed versions =========================== Issue introduced in 4.19.247 with commit 6b3fc1496e7227cd6a39a80bbfb7588ef7c7a010 and fixed in 4.19.256 with commit 0fffb46ff3d5ed4668aca96441ec7a25b793bd6f Issue introduced in 5.4.198 with commit a2b3be930e79cc5d9d829f158e31172b2043f0cd and fixed in 5.4.211 with commit f7ee3b772d9de87387a725caa04bc041ac7fe5ec Issue introduced in 5.10.122 with commit 0ee5b9644f06b4d3cdcd9544f43f63312e425a4c and fixed in 5.10.138 with commit 76ffd2042438769298f34b76102b40dea89de616 Issue introduced in 5.15.47 with commit d4c2a041ed3ba114502d5ed6ace5b1a48d637a8e and fixed in 5.15.63 with commit a4cf3dadd1fa43609f7c6570c9116b0e0a9923d1 Issue introduced in 5.19 with commit 6949493884fe88500de4af182588e071cf1544ee and fixed in 5.19.4 with commit b03d1117e9be7c7da60e466eaf9beed85c5916c8 Issue introduced in 5.19 with commit 6949493884fe88500de4af182588e071cf1544ee and fixed in 6.0 with commit 2135e5d56278ffdb1c2e6d325dc6b87f669b9dac Issue introduced in 5.17.15 with commit 08d7a26d115cc7892668baa9750f64bd8baca29b Issue introduced in 5.18.4 with commit ea759ae0a9ae5acee677d722129710ac89cc59c1 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50072 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/nfs/nfs4proc.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/0fffb46ff3d5ed4668aca96441ec7a25b793bd6f https://git.kernel.org/stable/c/f7ee3b772d9de87387a725caa04bc041ac7fe5ec https://git.kernel.org/stable/c/76ffd2042438769298f34b76102b40dea89de616 https://git.kernel.org/stable/c/a4cf3dadd1fa43609f7c6570c9116b0e0a9923d1 https://git.kernel.org/stable/c/b03d1117e9be7c7da60e466eaf9beed85c5916c8 https://git.kernel.org/stable/c/2135e5d56278ffdb1c2e6d325dc6b87f669b9dac
Powered by blists - more mailing lists