CVE-2022-49822

MEDIUM

Linux Kernel 5.0-5.15.80, 5.16.0-6.0.9 - Use-After-Free in CIFS Connection Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix connections leak when tlink setup failed If the tlink setup failed, lost to put the connections, then the module refcnt leak since the cifsd kthread not exit. Also leak the fscache info, and for next mount with fsc, it will print the follow errors: CIFS: Cache volume key already in use (cifs,127.0.0.1:445,TEST) Let's check the result of tlink setup, and do some cleanup.

References (4)

Core 4

Core References

https://git.kernel.org/stable/c/775d6625f96b26b90b9be9164b855ea2c471c0e5

Patch

https://git.kernel.org/stable/c/a9059e338fc000c0b87d8cf29e93c74fd703212e

Patch

https://git.kernel.org/stable/c/0a087842d10b5daa123ee5291e386cdd78413705

Patch

https://git.kernel.org/stable/c/1dcdf5f5b2137185cbdd5385f29949ab3da4f00c

Scores

CVSS v3 5.5

EPSS 0.0016

EPSS Percentile 5.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-401

Status published

Products (14)

linux/Kernel 5.0.0 - 5.15.81linux

linux/Kernel 5.16.0 - 6.0.10linux

Linux/Linux < 5.0

Linux/Linux 5.0

Linux/Linux 5.10.258 - 5.10.*

Linux/Linux 5.15.81 - 5.15.*

Linux/Linux 56c762eb9bee330bb4e6d11c589434f2904d3ab6 - 0a087842d10b5daa123ee5291e386cdd78413705

Linux/Linux 56c762eb9bee330bb4e6d11c589434f2904d3ab6 - 1dcdf5f5b2137185cbdd5385f29949ab3da4f00c

Linux/Linux 56c762eb9bee330bb4e6d11c589434f2904d3ab6 - 775d6625f96b26b90b9be9164b855ea2c471c0e5

Linux/Linux 56c762eb9bee330bb4e6d11c589434f2904d3ab6 - a9059e338fc000c0b87d8cf29e93c74fd703212e

... and 4 more

Published May 01, 2025

Tracked Since Feb 18, 2026