CVE-2022-50348

nfsd: Fix a memory leak in an error handling path

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix a memory leak in an error handling path If this memdup_user() call fails, the memory allocated in a previous call
a few lines above should be freed. Otherwise it leaks.

This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later.

*Credits: N/A

CVSS Scores

CISAv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2025-09-16 CVE Reserved
2025-09-16 CVE Published
2026-01-14 CVE Updated
2026-04-12 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-401: Missing Release of Memory after Effective Lifetime
CWE-772: Missing Release of Resource after Effective Lifetime

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/6ee95d1c899186c0798cafd25998d436bcdb9618	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/acc393aecda05bf64ed13b732931462e07a1bf08	2022-10-26
https://git.kernel.org/stable/c/e060c4b9f33c1fca74df26d57a98e784295327e6	2022-10-26
https://git.kernel.org/stable/c/aed8816305575b38dcc77feb6f1bc1d0ed32f5b8	2022-10-26
https://git.kernel.org/stable/c/733dd17158f96aaa25408dc39bbb2738fda9300e	2022-10-24
https://git.kernel.org/stable/c/cc3bca2110ac85cd964da997ef83d84cab0d49fb	2022-10-21
https://git.kernel.org/stable/c/fd1ef88049de09bc70d60b549992524cfc0e66ff	2022-09-26

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-50348	2023-11-14
https://bugzilla.redhat.com/show_bug.cgi?id=2395851	2023-11-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 5.4.220 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.4.220"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 5.10.150 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.10.150"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 5.15.75 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.15.75"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 5.19.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.19.17"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 6.0.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 6.0.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 6.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 6.1"		en		Affected