CVE-2022-50367
- Source
- https://cve.org/CVERecord?id=CVE-2022-50367
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50367.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-50367
- Downstream
- Related
- Published
- 2025-09-17T14:56:23.190Z
- Modified
- 2026-04-11T12:44:57.040721Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- fs: fix UAF/GPF bug in nilfs_mdt_destroy
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
fs: fix UAF/GPF bug in nilfsmdtdestroy
In allocinode, inodeinitalways() could return -ENOMEM if securityinodealloc() fails, which causes inode->iprivate uninitialized. Then nilfsismetadatafileinode() returns true and nilfsfreeinode() wrongly calls nilfsmdtdestroy(), which frees the uninitialized inode->i_private and leads to crashes(e.g., UAF/GPF).
Fix this by moving securityinodealloc just prior to thiscpuinc(nr_inodes)
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50367.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/1e555c3ed1fce4b278aaebe18a64a934cece57d8
- https://git.kernel.org/stable/c/2a96b532098284ecf8e4849b8b9e5fc7a28bdee9
- https://git.kernel.org/stable/c/2e488f13755ffbb60f307e991b27024716a33b29
- https://git.kernel.org/stable/c/64b79e632869ad3ef6c098a4731d559381da1115
- https://git.kernel.org/stable/c/70e4f70d54e0225f91814e8610477d65f33cefe4
- https://git.kernel.org/stable/c/81de80330fa6907aec32eb54c5619059e6e36452
- https://git.kernel.org/stable/c/c0aa76b0f17f59dd9c9d3463550a2986a1d592e4
- https://git.kernel.org/stable/c/d1ff475d7c83289d0a7faef346ea3bbf90818bad
- https://git.kernel.org/stable/c/ec2aab115eb38ac4992ea2fcc2a02fbe7af5cf48
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50367.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-50367
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1da177e4c3f41524e886b7f1b8a0c1fc7321cac2Fixedd1ff475d7c83289d0a7faef346ea3bbf90818badFixedc0aa76b0f17f59dd9c9d3463550a2986a1d592e4Fixedec2aab115eb38ac4992ea2fcc2a02fbe7af5cf48Fixed70e4f70d54e0225f91814e8610477d65f33cefe4Fixed1e555c3ed1fce4b278aaebe18a64a934cece57d8Fixed64b79e632869ad3ef6c098a4731d559381da1115Fixed81de80330fa6907aec32eb54c5619059e6e36452Fixed2a96b532098284ecf8e4849b8b9e5fc7a28bdee9Fixed2e488f13755ffbb60f307e991b27024716a33b29
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced2.6.12Fixed4.9.331
- Type
- ECOSYSTEM
- Events
-
Introduced4.10.0Fixed4.14.296
- Type
- ECOSYSTEM
- Events
-
Introduced4.15.0Fixed4.19.262
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.218
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.148
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.73
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed5.19.15
- Type
- ECOSYSTEM
- Events
-
Introduced5.20.0Fixed6.0.1