{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-50072", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-06-18T10:57:27.407Z", "datePublished": "2025-06-18T11:02:16.658Z", "dateUpdated": "2025-06-18T11:02:16.658Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-06-18T11:02:16.658Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4/pnfs: Fix a use-after-free bug in open\n\nIf someone cancels the open RPC call, then we must not try to free\neither the open slot or the layoutget operation arguments, since they\nare likely still in use by the hung RPC call."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/nfs/nfs4proc.c"], "versions": [{"version": "6b3fc1496e7227cd6a39a80bbfb7588ef7c7a010", "lessThan": "0fffb46ff3d5ed4668aca96441ec7a25b793bd6f", "status": "affected", "versionType": "git"}, {"version": "a2b3be930e79cc5d9d829f158e31172b2043f0cd", "lessThan": "f7ee3b772d9de87387a725caa04bc041ac7fe5ec", "status": "affected", "versionType": "git"}, {"version": "0ee5b9644f06b4d3cdcd9544f43f63312e425a4c", "lessThan": "76ffd2042438769298f34b76102b40dea89de616", "status": "affected", "versionType": "git"}, {"version": "d4c2a041ed3ba114502d5ed6ace5b1a48d637a8e", "lessThan": "a4cf3dadd1fa43609f7c6570c9116b0e0a9923d1", "status": "affected", "versionType": "git"}, {"version": "6949493884fe88500de4af182588e071cf1544ee", "lessThan": "b03d1117e9be7c7da60e466eaf9beed85c5916c8", "status": "affected", "versionType": "git"}, {"version": "6949493884fe88500de4af182588e071cf1544ee", "lessThan": "2135e5d56278ffdb1c2e6d325dc6b87f669b9dac", "status": "affected", "versionType": "git"}, {"version": "08d7a26d115cc7892668baa9750f64bd8baca29b", "status": "affected", "versionType": "git"}, {"version": "ea759ae0a9ae5acee677d722129710ac89cc59c1", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/nfs/nfs4proc.c"], "versions": [{"version": "5.19", "status": "affected"}, {"version": "0", "lessThan": "5.19", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.256", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.211", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.138", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.63", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19.4", "lessThanOrEqual": "5.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19.247", "versionEndExcluding": "4.19.256"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.198", "versionEndExcluding": "5.4.211"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.122", "versionEndExcluding": "5.10.138"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.47", "versionEndExcluding": "5.15.63"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "5.19.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17.15"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.18.4"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0fffb46ff3d5ed4668aca96441ec7a25b793bd6f"}, {"url": "https://git.kernel.org/stable/c/f7ee3b772d9de87387a725caa04bc041ac7fe5ec"}, {"url": "https://git.kernel.org/stable/c/76ffd2042438769298f34b76102b40dea89de616"}, {"url": "https://git.kernel.org/stable/c/a4cf3dadd1fa43609f7c6570c9116b0e0a9923d1"}, {"url": "https://git.kernel.org/stable/c/b03d1117e9be7c7da60e466eaf9beed85c5916c8"}, {"url": "https://git.kernel.org/stable/c/2135e5d56278ffdb1c2e6d325dc6b87f669b9dac"}], "title": "NFSv4/pnfs: Fix a use-after-free bug in open", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4/pnfs: Fix a use-after-free bug in open\n\nIf someone cancels the open RPC call, then we must not try to free\neither the open slot or the layoutget operation arguments, since they\nare likely still in use by the hung RPC call."}], "id": "CVE-2022-50072", "lastModified": "2025-06-18T13:47:40.833", "metrics": {}, "published": "2025-06-18T11:15:36.057", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0fffb46ff3d5ed4668aca96441ec7a25b793bd6f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2135e5d56278ffdb1c2e6d325dc6b87f669b9dac"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/76ffd2042438769298f34b76102b40dea89de616"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a4cf3dadd1fa43609f7c6570c9116b0e0a9923d1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b03d1117e9be7c7da60e466eaf9beed85c5916c8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f7ee3b772d9de87387a725caa04bc041ac7fe5ec"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:7000", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.22.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2023:6583", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-362.8.1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}, {"advisory": "RHSA-2023:6583", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-362.8.1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}], "bugzilla": {"description": "kernel: NFSv4/pnfs: Fix a use-after-free bug in open", "id": "2373562", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373562"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-763", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nNFSv4/pnfs: Fix a use-after-free bug in open\nIf someone cancels the open RPC call, then we must not try to free\neither the open slot or the layoutget operation arguments, since they\nare likely still in use by the hung RPC call."], "name": "CVE-2022-50072", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-06-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-50072\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50072\nhttps://lore.kernel.org/linux-cve-announce/2025061853-CVE-2022-50072-de2b@gregkh/T"], "threat_severity": "Moderate"}