FKIE_CVE-2022-49927

Vulnerability from fkie_nvd - Published: 2025-05-01 15:16 - Updated: 2025-10-01 15:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: nfs4: Fix kmemleak when allocate slot failed If one of the slot allocate failed, should cleanup all the other allocated slots, otherwise, the allocated slots will leak: unreferenced object 0xffff8881115aa100 (size 64): comm ""mount.nfs"", pid 679, jiffies 4294744957 (age 115.037s) hex dump (first 32 bytes): 00 cc 19 73 81 88 ff ff 00 a0 5a 11 81 88 ff ff ...s......Z..... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<000000007a4c434a>] nfs4_find_or_create_slot+0x8e/0x130 [<000000005472a39c>] nfs4_realloc_slot_table+0x23f/0x270 [<00000000cd8ca0eb>] nfs40_init_client+0x4a/0x90 [<00000000128486db>] nfs4_init_client+0xce/0x270 [<000000008d2cacad>] nfs4_set_client+0x1a2/0x2b0 [<000000000e593b52>] nfs4_create_server+0x300/0x5f0 [<00000000e4425dd2>] nfs4_try_get_tree+0x65/0x110 [<00000000d3a6176f>] vfs_get_tree+0x41/0xf0 [<0000000016b5ad4c>] path_mount+0x9b3/0xdd0 [<00000000494cae71>] __x64_sys_mount+0x190/0x1d0 [<000000005d56bdec>] do_syscall_64+0x35/0x80 [<00000000687c9ae4>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/24641993a7dce6b1628645f4e1d97ca06c9f765dPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/45aea4fbf61e205649c29200726b9f45c1718a67Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7e8436728e22181c3f12a5dbabd35ed3a8b8c593Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/84b5cb476903003ae9ca88f32b57ff0eaefa6d4cPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/86ce0e93cf6fb4d0c447323ac66577c642628b9dPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/925cb538bd5851154602818dc80bf4b4d924c127Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/aae35a0c8a775fa4afa6a4e7dab3f936f1f89bbbPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/db333ae981fb8843c383aa7dbf62cc682597d401Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel 6.1
linux linux_kernel 6.1
linux linux_kernel 6.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07DC6E81-B320-4B74-8FB7-5362344C1DB1",
              "versionEndExcluding": "4.9.333",
              "versionStartIncluding": "3.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FE9A829-20E8-4929-AE9B-02761322A926",
              "versionEndExcluding": "4.14.299",
              "versionStartIncluding": "4.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABED5D97-9B16-4CF6-86E3-D5F5C4358E35",
              "versionEndExcluding": "4.19.265",
              "versionStartIncluding": "4.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D67A077-EB45-4ADE-94CD-F9A76F6C319C",
              "versionEndExcluding": "5.4.224",
              "versionStartIncluding": "4.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "475D097C-AB5A-4CF5-899F-413077854ABD",
              "versionEndExcluding": "5.10.154",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB8B27B9-B41B-42D5-AE67-0A89A8A8EEB1",
              "versionEndExcluding": "5.15.78",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9A754E-625D-42F3-87A7-960D643E2867",
              "versionEndExcluding": "6.0.8",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E7E331DA-1FB0-4DEC-91AC-7DA69D461C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "17F0B248-42CF-4AE6-A469-BB1BAE7F4705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E2422816-0C14-4B5E-A1E6-A9D776E5C49B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs4: Fix kmemleak when allocate slot failed\n\nIf one of the slot allocate failed, should cleanup all the other\nallocated slots, otherwise, the allocated slots will leak:\n\n  unreferenced object 0xffff8881115aa100 (size 64):\n    comm \"\"mount.nfs\"\", pid 679, jiffies 4294744957 (age 115.037s)\n    hex dump (first 32 bytes):\n      00 cc 19 73 81 88 ff ff 00 a0 5a 11 81 88 ff ff  ...s......Z.....\n      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    backtrace:\n      [\u003c000000007a4c434a\u003e] nfs4_find_or_create_slot+0x8e/0x130\n      [\u003c000000005472a39c\u003e] nfs4_realloc_slot_table+0x23f/0x270\n      [\u003c00000000cd8ca0eb\u003e] nfs40_init_client+0x4a/0x90\n      [\u003c00000000128486db\u003e] nfs4_init_client+0xce/0x270\n      [\u003c000000008d2cacad\u003e] nfs4_set_client+0x1a2/0x2b0\n      [\u003c000000000e593b52\u003e] nfs4_create_server+0x300/0x5f0\n      [\u003c00000000e4425dd2\u003e] nfs4_try_get_tree+0x65/0x110\n      [\u003c00000000d3a6176f\u003e] vfs_get_tree+0x41/0xf0\n      [\u003c0000000016b5ad4c\u003e] path_mount+0x9b3/0xdd0\n      [\u003c00000000494cae71\u003e] __x64_sys_mount+0x190/0x1d0\n      [\u003c000000005d56bdec\u003e] do_syscall_64+0x35/0x80\n      [\u003c00000000687c9ae4\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfs4: Se corrige kmemleak cuando falla la asignaci\u00f3n de ranura Si falla la asignaci\u00f3n de una ranura, se deben limpiar todas las dem\u00e1s ranuras asignadas, de lo contrario, las ranuras asignadas tendr\u00e1n fugas: objeto sin referencia 0xffff8881115aa100 (tama\u00f1o 64): comm \"\"mount.nfs\"\", pid 679, jiffies 4294744957 (edad 115.037s) volcado hexadecimal (primeros 32 bytes): 00 cc 19 73 81 88 ff ff 00 a0 5a 11 81 88 ff ff ...s......Z..... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ seguimiento inverso:[\u0026lt;000000007a4c434a\u0026gt;] nfs4_find_or_create_slot+0x8e/0x130 [\u0026lt;000000005472a39c\u0026gt;] nfs4_realloc_slot_table+0x23f/0x270 [\u0026lt;00000000cd8ca0eb\u0026gt;] nfs40_init_client+0x4a/0x90 [\u0026lt;00000000128486db\u0026gt;] nfs4_init_client+0xce/0x270 [\u0026lt;000000008d2cacad\u0026gt;] nfs4_set_client+0x1a2/0x2b0 [\u0026lt;000000000e593b52\u0026gt;] nfs4_create_server+0x300/0x5f0 [\u0026lt;00000000e4425dd2\u0026gt;] nfs4_try_get_tree+0x65/0x110 [\u0026lt;00000000d3a6176f\u0026gt;] vfs_get_tree+0x41/0xf0 [\u0026lt;0000000016b5ad4c\u0026gt;] path_mount+0x9b3/0xdd0 [\u0026lt;00000000494cae71\u0026gt;] __x64_sys_mount+0x190/0x1d0 [\u0026lt;000000005d56bdec\u0026gt;] do_syscall_64+0x35/0x80 [\u0026lt;00000000687c9ae4\u0026gt;] entry_SYSCALL_64_after_hwframe+0x46/0xb0 "
    }
  ],
  "id": "CVE-2022-49927",
  "lastModified": "2025-10-01T15:15:39.010",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-05-01T15:16:18.657",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/24641993a7dce6b1628645f4e1d97ca06c9f765d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/45aea4fbf61e205649c29200726b9f45c1718a67"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/7e8436728e22181c3f12a5dbabd35ed3a8b8c593"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/84b5cb476903003ae9ca88f32b57ff0eaefa6d4c"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/86ce0e93cf6fb4d0c447323ac66577c642628b9d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/925cb538bd5851154602818dc80bf4b4d924c127"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/aae35a0c8a775fa4afa6a4e7dab3f936f1f89bbb"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/db333ae981fb8843c383aa7dbf62cc682597d401"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.