CVE-2022-50072

{"id": "CVE-2022-50072", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-06-18T11:15:36.057", "references": [{"url": "https://git.kernel.org/stable/c/0fffb46ff3d5ed4668aca96441ec7a25b793bd6f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2135e5d56278ffdb1c2e6d325dc6b87f669b9dac", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/76ffd2042438769298f34b76102b40dea89de616", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a4cf3dadd1fa43609f7c6570c9116b0e0a9923d1", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b03d1117e9be7c7da60e466eaf9beed85c5916c8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f7ee3b772d9de87387a725caa04bc041ac7fe5ec", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4/pnfs: Fix a use-after-free bug in open\n\nIf someone cancels the open RPC call, then we must not try to free\neither the open slot or the layoutget operation arguments, since they\nare likely still in use by the hung RPC call."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: NFSv4/pnfs: corrige un error de Use-After-Free en open Si alguien cancela la llamada RPC open, entonces no debemos intentar liberar ni la ranura abierta ni los argumentos de la operaci\u00f3n layoutget, ya que es probable que a\u00fan est\u00e9n en uso por la llamada RPC colgada."}], "lastModified": "2025-11-17T18:00:37.483", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9D0E403-93CD-4ABF-8718-D5DAC1A93751", "versionEndExcluding": "4.19.256", "versionStartIncluding": "4.19.247"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C0BEDE1-12B6-4D8B-8C46-E1E2B8DAD97D", "versionEndExcluding": "5.4.211", "versionStartIncluding": "5.4.198"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1AA15B2-8A46-4621-BF63-41277E789CD7", "versionEndExcluding": "5.10.138", "versionStartIncluding": "5.10.122"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60A70FAB-2AB6-4E33-87C0-A0FD014B35A3", "versionEndExcluding": "5.15.63", "versionStartIncluding": "5.15.47"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BF6ED63-C6AF-4B5E-9814-C77A3C45349D", "versionEndExcluding": "5.18", "versionStartIncluding": "5.17.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7288ED8D-A02E-44A5-9C8A-A50DF9C5AE7F", "versionEndExcluding": "5.19.4", "versionStartIncluding": "5.18.4"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}