CVE-2022-50367
HIGH EPSS 10.7%
Published Sep 17, 20259mo ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
Published Sep 17, 2025 9mo ago
Last Modified Jun 17, 2026 2w ago
Description
In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy In alloc_inode, inode_init_always() could return -ENOMEM if security_inode_alloc() fails, which causes inode->i_private uninitialized. Then nilfs_is_metadata_file_inode() returns true and nilfs_free_inode() wrongly calls nilfs_mdt_destroy(), which frees the uninitialized inode->i_private and leads to crashes(e.g., UAF/GPF). Fix this by moving security_inode_alloc just prior to this_cpu_inc(nr_inodes)
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
10.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-416 Use After Free Memory Safety
Affected Products 8
References 9
- git.kernel.org https://git.kernel.org/stable/c/1e555c3ed1fce4b278aaebe18a64a934cece57d8
- git.kernel.org https://git.kernel.org/stable/c/2a96b532098284ecf8e4849b8b9e5fc7a28bdee9
- git.kernel.org https://git.kernel.org/stable/c/2e488f13755ffbb60f307e991b27024716a33b29
- git.kernel.org https://git.kernel.org/stable/c/64b79e632869ad3ef6c098a4731d559381da1115
- git.kernel.org https://git.kernel.org/stable/c/70e4f70d54e0225f91814e8610477d65f33cefe4
- git.kernel.org https://git.kernel.org/stable/c/81de80330fa6907aec32eb54c5619059e6e36452
- git.kernel.org https://git.kernel.org/stable/c/c0aa76b0f17f59dd9c9d3463550a2986a1d592e4
- git.kernel.org https://git.kernel.org/stable/c/d1ff475d7c83289d0a7faef346ea3bbf90818bad
- git.kernel.org https://git.kernel.org/stable/c/ec2aab115eb38ac4992ea2fcc2a02fbe7af5cf48
Remediation
- git.kernel.org https://git.kernel.org/stable/c/1e555c3ed1fce4b278aaebe18a64a934cece57d8
- git.kernel.org https://git.kernel.org/stable/c/2a96b532098284ecf8e4849b8b9e5fc7a28bdee9
- git.kernel.org https://git.kernel.org/stable/c/2e488f13755ffbb60f307e991b27024716a33b29
- git.kernel.org https://git.kernel.org/stable/c/64b79e632869ad3ef6c098a4731d559381da1115
- git.kernel.org https://git.kernel.org/stable/c/70e4f70d54e0225f91814e8610477d65f33cefe4
- git.kernel.org https://git.kernel.org/stable/c/81de80330fa6907aec32eb54c5619059e6e36452
- git.kernel.org https://git.kernel.org/stable/c/c0aa76b0f17f59dd9c9d3463550a2986a1d592e4
- git.kernel.org https://git.kernel.org/stable/c/d1ff475d7c83289d0a7faef346ea3bbf90818bad
- git.kernel.org https://git.kernel.org/stable/c/ec2aab115eb38ac4992ea2fcc2a02fbe7af5cf48