CVE-2022-49938

MEDIUM

Linux Kernel < 5.15.66, 5.16.0-5.19.8 - Use-After-Free in SMB2_negotiate()

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: fix small mempool leak in SMB2_negotiate() In some cases of failure (dialect mismatches) in SMB2_negotiate(), after the request is sent, the checks would return -EIO when they should be rather setting rc = -EIO and jumping to neg_exit to free the response buffer from mempool.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/9e3c9efa7caf16e5acc05eab5e4d0a714e1610b0

Patch

https://git.kernel.org/stable/c/38a6b469bf22f153282fbe7d702a24e9eb43f50e

Patch

https://git.kernel.org/stable/c/27893dfc1285f80f80f46b3b8c95f5d15d2e66d0

Scores

CVSS v3 5.5

EPSS 0.0015

EPSS Percentile 4.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-401

Status published

Products (14)

linux/Kernel 4.14.0 - 5.15.66linux

linux/Kernel 5.16.0 - 5.19.8linux

Linux/Linux < 4.14

Linux/Linux 1ae6f05d4204d3a128bb9ba2c42e2a6c4ac687f1

Linux/Linux 4.13.5 - 4.14

Linux/Linux 4.14

Linux/Linux 5.15.66 - 5.15.*

Linux/Linux 5.19.8 - 5.19.*

Linux/Linux 6.0

Linux/Linux 9764c02fcbad40001fd3f63558d918e4d519bb75 - 27893dfc1285f80f80f46b3b8c95f5d15d2e66d0

... and 4 more

Published Jun 18, 2025

Tracked Since Feb 18, 2026