github - ghsa-qp82-v3h4-hw29

ghsa-qp82-v3h4-hw29

Vulnerability from github

Published

2025-02-27 21:32

Modified

2025-02-27 21:32

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

In the Linux kernel, the following vulnerability has been resolved:

NFSD: Fix potential use-after-free in nfsd_file_put()

nfsd_file_put_noref() can free @nf, so don't dereference @nf immediately upon return from nfsd_file_put_noref().

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-49362"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:12Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Fix potential use-after-free in nfsd_file_put()\n\nnfsd_file_put_noref() can free @nf, so don\u0027t dereference @nf\nimmediately upon return from nfsd_file_put_noref().",
  "id": "GHSA-qp82-v3h4-hw29",
  "modified": "2025-02-27T21:32:13Z",
  "published": "2025-02-27T21:32:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49362"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/261eabe19cb28e4a8587a4442d257b543d7c2d57"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/333dcc94ebf53f79f3dc0e7a7c16700bc7ff7e57"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ada1757b259f353cade47037ee0a0249b4cddad3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b6c71c66b0ad8f2b59d9bc08c7a5079b110bec01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2022-49362 (GCVE-0-2022-49362)

Vulnerability from cvelistv5

Published

2025-02-26 02:11

Modified

2025-05-04 08:36

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix potential use-after-free in nfsd_file_put() nfsd_file_put_noref() can free @nf, so don't dereference @nf immediately upon return from nfsd_file_put_noref().

References

►

URL

Tags

	https://git.kernel.org/stable/c/ada1757b259f353cade47037ee0a0249b4cddad3
	https://git.kernel.org/stable/c/261eabe19cb28e4a8587a4442d257b543d7c2d57
	https://git.kernel.org/stable/c/333dcc94ebf53f79f3dc0e7a7c16700bc7ff7e57
	https://git.kernel.org/stable/c/b6c71c66b0ad8f2b59d9bc08c7a5079b110bec01

Impacted products

Vendor

Product

Version

►

Version: 9862064ca81f9b9da8ebe26c86cf2b10c293ba1a
Version: a98e5b3d958ac697aafb3d077eb2cca4a731b7ee
Version: 999397926ab3f78c7d1235cc4ca6e3c89d2769bf
Version: 999397926ab3f78c7d1235cc4ca6e3c89d2769bf

Version: 5.18

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-49362",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-27T18:16:34.174132Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T18:22:33.669Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/filecache.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ada1757b259f353cade47037ee0a0249b4cddad3",
              "status": "affected",
              "version": "9862064ca81f9b9da8ebe26c86cf2b10c293ba1a",
              "versionType": "git"
            },
            {
              "lessThan": "261eabe19cb28e4a8587a4442d257b543d7c2d57",
              "status": "affected",
              "version": "a98e5b3d958ac697aafb3d077eb2cca4a731b7ee",
              "versionType": "git"
            },
            {
              "lessThan": "333dcc94ebf53f79f3dc0e7a7c16700bc7ff7e57",
              "status": "affected",
              "version": "999397926ab3f78c7d1235cc4ca6e3c89d2769bf",
              "versionType": "git"
            },
            {
              "lessThan": "b6c71c66b0ad8f2b59d9bc08c7a5079b110bec01",
              "status": "affected",
              "version": "999397926ab3f78c7d1235cc4ca6e3c89d2769bf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/filecache.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.18"
            },
            {
              "lessThan": "5.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.18.*",
              "status": "unaffected",
              "version": "5.18.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.19",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.18.4",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Fix potential use-after-free in nfsd_file_put()\n\nnfsd_file_put_noref() can free @nf, so don\u0027t dereference @nf\nimmediately upon return from nfsd_file_put_noref()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:36:05.475Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ada1757b259f353cade47037ee0a0249b4cddad3"
        },
        {
          "url": "https://git.kernel.org/stable/c/261eabe19cb28e4a8587a4442d257b543d7c2d57"
        },
        {
          "url": "https://git.kernel.org/stable/c/333dcc94ebf53f79f3dc0e7a7c16700bc7ff7e57"
        },
        {
          "url": "https://git.kernel.org/stable/c/b6c71c66b0ad8f2b59d9bc08c7a5079b110bec01"
        }
      ],
      "title": "NFSD: Fix potential use-after-free in nfsd_file_put()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-49362",
    "datePublished": "2025-02-26T02:11:09.344Z",
    "dateReserved": "2025-02-26T02:08:31.547Z",
    "dateUpdated": "2025-05-04T08:36:05.475Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.