CVE-2022-50076

MEDIUM

Linux Kernel 5.13.12-5.14 - Use-After-Free in CIFS Deferred Close

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory leak on the deferred close xfstests on smb21 report kmemleak as below: unreferenced object 0xffff8881767d6200 (size 64): comm "xfs_io", pid 1284, jiffies 4294777434 (age 20.789s) hex dump (first 32 bytes): 80 5a d0 11 81 88 ff ff 78 8a aa 63 81 88 ff ff .Z......x..c.... 00 71 99 76 81 88 ff ff 00 00 00 00 00 00 00 00 .q.v............ backtrace: [<00000000ad04e6ea>] cifs_close+0x92/0x2c0 [<0000000028b93c82>] __fput+0xff/0x3f0 [<00000000d8116851>] task_work_run+0x85/0xc0 [<0000000027e14f9e>] do_exit+0x5e5/0x1240 [<00000000fb492b95>] do_group_exit+0x58/0xe0 [<00000000129a32d9>] __x64_sys_exit_group+0x28/0x30 [<00000000e3f7d8e9>] do_syscall_64+0x35/0x80 [<00000000102e8a0b>] entry_SYSCALL_64_after_hwframe+0x46/0xb0 When cancel the deferred close work, we should also cleanup the struct cifs_deferred_close.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/860efae127888ae535bc4eda1b7f27642727c69e

Patch

https://git.kernel.org/stable/c/60b6d38add7b9c17d6e5d49ee8e930ea1a5650c5

Patch

https://git.kernel.org/stable/c/ca08d0eac020d48a3141dbec0a3cf64fbdb17cde

Scores

CVSS v3 5.5

EPSS 0.0015

EPSS Percentile 4.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-401

Status published

Products (13)

Linux/Linux < 5.14

Linux/Linux 0ca6ac8a2691762307beaa4841255d1cfe6b2684

Linux/Linux 5.13.12 - 5.14

Linux/Linux 5.14

Linux/Linux 5.15.63 - 5.15.*

Linux/Linux 5.19.4 - 5.19.*

Linux/Linux 6.0

Linux/Linux 9e992755be8f2d458a0bcbefd19e493483c1dba2 - 60b6d38add7b9c17d6e5d49ee8e930ea1a5650c5

Linux/Linux 9e992755be8f2d458a0bcbefd19e493483c1dba2 - 860efae127888ae535bc4eda1b7f27642727c69e

Linux/Linux 9e992755be8f2d458a0bcbefd19e493483c1dba2 - ca08d0eac020d48a3141dbec0a3cf64fbdb17cde

... and 3 more

Published Jun 18, 2025

Tracked Since Feb 18, 2026