FKIE_CVE-2022-49064

Vulnerability from fkie_nvd - Published: 2025-02-26 07:00 - Updated: 2025-10-14 19:04
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: cachefiles: unmark inode in use in error path Unmark inode in use if error encountered. If the in-use flag leakage occurs in cachefiles_open_file(), Cachefiles will complain "Inode already in use" when later another cookie with the same index key is looked up. If the in-use flag leakage occurs in cachefiles_create_tmpfile(), though the "Inode already in use" warning won't be triggered, fix the leakage anyway.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b2055abafd3d4ee0376fb3eed5cae866316995a1Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ea5dc046127e857a7873ae55fd57c866e9e86fb2Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel 5.18
linux linux_kernel 5.18
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "62D8CC4C-A7BD-4651-8B8B-B5D5AABB585E",
              "versionEndExcluding": "5.17.4",
              "versionStartIncluding": "5.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.18:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6AD94161-84BB-42E6-9882-4FC0C42E9FC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.18:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7AB06DDF-3C2B-416D-B448-E990D8FF67A9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: unmark inode in use in error path\n\nUnmark inode in use if error encountered. If the in-use flag leakage\noccurs in cachefiles_open_file(), Cachefiles will complain \"Inode\nalready in use\" when later another cookie with the same index key is\nlooked up.\n\nIf the in-use flag leakage occurs in cachefiles_create_tmpfile(), though\nthe \"Inode already in use\" warning won\u0027t be triggered, fix the leakage\nanyway."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cachefiles: desmarcar inodo en uso en ruta de error Desmarcar inodo en uso si se encuentra un error. Si la fuga de la bandera en uso ocurre en cachefiles_open_file(), Cachefiles mostrar\u00e1 el mensaje \"Inodo ya en uso\" cuando m\u00e1s tarde se busque otra cookie con la misma clave de \u00edndice. Si la fuga de la bandera en uso ocurre en cachefiles_create_tmpfile(), aunque no se active la advertencia \"Inodo ya en uso\", solucione la fuga de todos modos."
    }
  ],
  "id": "CVE-2022-49064",
  "lastModified": "2025-10-14T19:04:27.453",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-26T07:00:43.637",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b2055abafd3d4ee0376fb3eed5cae866316995a1"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/ea5dc046127e857a7873ae55fd57c866e9e86fb2"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.