{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49655", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T02:21:30.434Z", "datePublished": "2025-02-26T02:23:55.483Z", "dateUpdated": "2025-05-04T08:42:40.760Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:42:40.760Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfscache: Fix invalidation/lookup race\n\nIf an NFS file is opened for writing and closed, fscache_invalidate() will\nbe asked to invalidate the file - however, if the cookie is in the\nLOOKING_UP state (or the CREATING state), then request to invalidate\ndoesn't get recorded for fscache_cookie_state_machine() to do something\nwith.\n\nFix this by making __fscache_invalidate() set a flag if it sees the cookie\nis in the LOOKING_UP state to indicate that we need to go to invalidation.\nNote that this requires a count on the n_accesses counter for the state\nmachine, which that will release when it's done.\n\nfscache_cookie_state_machine() then shifts to the INVALIDATING state if it\nsees the flag.\n\nWithout this, an nfs file can get corrupted if it gets modified locally and\nthen read locally as the cache contents may not get updated."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/fscache/cookie.c", "include/linux/fscache.h"], "versions": [{"version": "d24af13e2e2358a602740c7817ea90da43d3e740", "lessThan": "b1ae9f617f8a5c848d9205b8e228c6f0d1af754b", "status": "affected", "versionType": "git"}, {"version": "d24af13e2e2358a602740c7817ea90da43d3e740", "lessThan": "85e4ea1049c70fb99de5c6057e835d151fb647da", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/fscache/cookie.c", "include/linux/fscache.h"], "versions": [{"version": "5.17", "status": "affected"}, {"version": "0", "lessThan": "5.17", "status": "unaffected", "versionType": "semver"}, {"version": "5.18.11", "lessThanOrEqual": "5.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "5.18.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "5.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b1ae9f617f8a5c848d9205b8e228c6f0d1af754b"}, {"url": "https://git.kernel.org/stable/c/85e4ea1049c70fb99de5c6057e835d151fb647da"}], "title": "fscache: Fix invalidation/lookup race", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfscache: Fix invalidation/lookup race\n\nIf an NFS file is opened for writing and closed, fscache_invalidate() will\nbe asked to invalidate the file - however, if the cookie is in the\nLOOKING_UP state (or the CREATING state), then request to invalidate\ndoesn't get recorded for fscache_cookie_state_machine() to do something\nwith.\n\nFix this by making __fscache_invalidate() set a flag if it sees the cookie\nis in the LOOKING_UP state to indicate that we need to go to invalidation.\nNote that this requires a count on the n_accesses counter for the state\nmachine, which that will release when it's done.\n\nfscache_cookie_state_machine() then shifts to the INVALIDATING state if it\nsees the flag.\n\nWithout this, an nfs file can get corrupted if it gets modified locally and\nthen read locally as the cache contents may not get updated."}], "id": "CVE-2022-49655", "lastModified": "2025-02-26T07:01:40.600", "metrics": {}, "published": "2025-02-26T07:01:40.600", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/85e4ea1049c70fb99de5c6057e835d151fb647da"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b1ae9f617f8a5c848d9205b8e228c6f0d1af754b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"affected_release": [{"advisory": "RHSA-2023:2458", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-284.11.1.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}, {"advisory": "RHSA-2023:2458", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-284.11.1.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}], "bugzilla": {"description": "kernel: fscache: Fix invalidation/lookup race", "id": "2347645", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347645"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L", "status": "verified"}, "cwe": "CWE-362", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nfscache: Fix invalidation/lookup race\nIf an NFS file is opened for writing and closed, fscache_invalidate() will\nbe asked to invalidate the file - however, if the cookie is in the\nLOOKING_UP state (or the CREATING state), then request to invalidate\ndoesn't get recorded for fscache_cookie_state_machine() to do something\nwith.\nFix this by making __fscache_invalidate() set a flag if it sees the cookie\nis in the LOOKING_UP state to indicate that we need to go to invalidation.\nNote that this requires a count on the n_accesses counter for the state\nmachine, which that will release when it's done.\nfscache_cookie_state_machine() then shifts to the INVALIDATING state if it\nsees the flag.\nWithout this, an nfs file can get corrupted if it gets modified locally and\nthen read locally as the cache contents may not get updated."], "name": "CVE-2022-49655", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49655\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49655\nhttps://lore.kernel.org/linux-cve-announce/2025022621-CVE-2022-49655-0370@gregkh/T"], "threat_severity": "Moderate"}