CVE-2022-24448

Severity: Low (CVSS 3.1 score 3.3)
Published Feb 4, 2022 · Last Modified Jun 17, 2026

Description

An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.

CVSS Details

Base Score: 3.3
Exploitability: 1.8
Impact: 1.4
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-755
CWE-908

Affected Products 4

Vendor    Product         Version    Range
linux     linux_kernel    *          <5.16.5
debian    debian_linux    9.0        any
debian    debian_linux    10.0       any
debian    debian_linux    11.0       any

References 10

  • cdn.kernel.org https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5
    Mailing List, Patch, Release Notes, Vendor Advisory
  • git.kernel.org https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac795161c93699d600db16c1a8cc23a65a1eceaf
    Mailing List, Patch, Vendor Advisory
  • github.com https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a
    Patch, Third Party Advisory
  • github.com https://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceaf
    Patch, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
    Mailing List, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
    Mailing List, Third Party Advisory
  • lore.kernel.org https://lore.kernel.org/all/67d6a536-9027-1928-99b6-af512a36cd1a%40huawei.com/T/
  • debian.org https://www.debian.org/security/2022/dsa-5092
    Third Party Advisory
  • debian.org https://www.debian.org/security/2022/dsa-5096
    Third Party Advisory
  • spinics.net https://www.spinics.net/lists/stable/msg531976.html
    Mailing List, Patch, Third Party Advisory

Remediation

  • cdn.kernel.org https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5
    Mailing List, Patch, Release Notes, Vendor Advisory
  • git.kernel.org https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac795161c93699d600db16c1a8cc23a65a1eceaf
    Mailing List, Patch, Vendor Advisory
  • github.com https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a
    Patch, Third Party Advisory
  • github.com https://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceaf
    Patch, Third Party Advisory
  • spinics.net https://www.spinics.net/lists/stable/msg531976.html
    Mailing List, Patch, Third Party Advisory