CVE-2022-0480
MEDIUM
Linux Kernel < 5.15 - Denial of Service via Unlimited POSIX File Lock Allocation
Title source: llm
Description
A flaw was found in the filelock_init function in fs/locks.c in the Linux kernel. This issue can lead to host memory exhaustion because memcg does not limit the number of Portable Operating System Interface (POSIX) file locks.
References (6)
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/kata-containers/kata-containers/issues/3373
Vendor Advisory x_refsource_misc
https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2049700
Patch x_refsource_misc
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042
Third Party Advisory x_refsource_misc
https://access.redhat.com/security/cve/CVE-2022-0480
Third Party Advisory x_refsource_misc
https://ubuntu.com/security/CVE-2022-0480
Scores
CVSS v3
5.5
EPSS
0.0002
EPSS Percentile
6.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-770
Status
published
Products (2)
linux/linux_kernel
< 5.15
redhat/enterprise_linux
9.0
Published
Aug 29, 2022
Tracked Since
Feb 18, 2026