CVE-2022-49362

HIGH

Linux Kernel 5.18-5.18.3 - Use-After-Free in nfsd_file_put_noref

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix potential use-after-free in nfsd_file_put() nfsd_file_put_noref() can free @nf, so don't dereference @nf immediately upon return from nfsd_file_put_noref().

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/ada1757b259f353cade47037ee0a0249b4cddad3

Patch

https://git.kernel.org/stable/c/261eabe19cb28e4a8587a4442d257b543d7c2d57

Patch

https://git.kernel.org/stable/c/333dcc94ebf53f79f3dc0e7a7c16700bc7ff7e57

Patch

https://git.kernel.org/stable/c/b6c71c66b0ad8f2b59d9bc08c7a5079b110bec01

Scores

CVSS v3 7.8

EPSS 0.0025

EPSS Percentile 15.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (11)

linux/Kernel 5.18.0 - 5.18.4linux

Linux/Linux < 5.18

Linux/Linux 5.18

Linux/Linux 5.18.4 - 5.18.*

Linux/Linux 5.19

Linux/Linux 9862064ca81f9b9da8ebe26c86cf2b10c293ba1a - ada1757b259f353cade47037ee0a0249b4cddad3

Linux/Linux 999397926ab3f78c7d1235cc4ca6e3c89d2769bf - 333dcc94ebf53f79f3dc0e7a7c16700bc7ff7e57

Linux/Linux 999397926ab3f78c7d1235cc4ca6e3c89d2769bf - b6c71c66b0ad8f2b59d9bc08c7a5079b110bec01

Linux/Linux a98e5b3d958ac697aafb3d077eb2cca4a731b7ee - 261eabe19cb28e4a8587a4442d257b543d7c2d57

linux/linux_kernel 5.19 rc1

... and 1 more

Published Feb 26, 2025

Tracked Since Feb 18, 2026