CVE-2022-49316

MEDIUM

Linux Kernel < 4.19.247 NFSv4 Layoutget Lock Deadlock DoS

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Don't hold the layoutget locks across multiple RPC calls When doing layoutget as part of the open() compound, we have to be careful to release the layout locks before we can call any further RPC calls, such as setattr(). The reason is that those calls could trigger a recall, which could deadlock.

References (7)

Core 7

Core References

Patch

https://git.kernel.org/stable/c/6b3fc1496e7227cd6a39a80bbfb7588ef7c7a010

Patch

https://git.kernel.org/stable/c/a2b3be930e79cc5d9d829f158e31172b2043f0cd

Patch

https://git.kernel.org/stable/c/0ee5b9644f06b4d3cdcd9544f43f63312e425a4c

Patch

https://git.kernel.org/stable/c/d4c2a041ed3ba114502d5ed6ace5b1a48d637a8e

Patch

https://git.kernel.org/stable/c/08d7a26d115cc7892668baa9750f64bd8baca29b

Patch

https://git.kernel.org/stable/c/ea759ae0a9ae5acee677d722129710ac89cc59c1

Patch

https://git.kernel.org/stable/c/6949493884fe88500de4af182588e071cf1544ee

Scores

CVSS v3 5.5

EPSS 0.0020

EPSS Percentile 10.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-667

Status published

Products (23)

linux/Kernel 4.18.0 - 4.19.247linux

linux/Kernel 4.20.0 - 5.4.198linux

linux/Kernel 5.11.0 - 5.15.47linux

linux/Kernel 5.16.0 - 5.17.15linux

linux/Kernel 5.18.0 - 5.18.4linux

linux/Kernel 5.5.0 - 5.10.122linux

Linux/Linux < 4.18

Linux/Linux 4.18

Linux/Linux 4.19.247 - 4.19.*

Linux/Linux 5.10.122 - 5.10.*

... and 13 more

Published Feb 26, 2025

Tracked Since Feb 18, 2026