PT-2025-38177 · Linux+6 · Linux Kernel+6

Publicado

2022-09-01

·

Atualizado

2026-01-21

·

CVE-2022-50367

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contains a flaw in the nilfs mdt destroy function related to uninitialized inode private data. Specifically, if security inode alloc() fails during inode allocation (alloc inode), the inode->i private field remains uninitialized. Subsequently, nilfs is metadata file inode() may incorrectly identify the inode as a metadata file, leading to a call to nilfs free inode() and ultimately nilfs mdt destroy() with the uninitialized inode->i private. This can result in crashes, potentially leading to a Use-After-Free (UAF) or General Protection Fault (GPF).
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALSA-2025:19409
ALSA-2025:19931
ALSA-2025:19932
ALSA-2025_16880
ALSA-2025_18281
ALSA-2025_19102
ALSA-2025_19103
ALSA-2025_19409
ALSA-2025_19931
ALSA-2025_19932
BDU:2026-02180
CESA-2025_19931
CESA-2025_19932
CVE-2022-50367
INFSA-2025_19409
INFSA-2025_19931
INFSA-2025_19932
INFSA-2025_21112
RHSA-2025:19409
RHSA-2025:19886
RHSA-2025:19931
RHSA-2025:19932
RHSA-2025:21051
RHSA-2025:21083
RHSA-2025:21091
RHSA-2025:21112
RHSA-2025:21128
RHSA-2025:21136
RHSA-2025_19409
RHSA-2025_19931
RHSA-2025_19932
RHSA-2025_21112
SUSE-SU-2025:03613-1
SUSE-SU-2025:03615-1
SUSE-SU-2025:03626-1
SUSE-SU-2025:03628-1
SUSE-SU-2025:3716-1
SUSE-SU-2025:3761-1
SUSE-SU-2025:4189-1
SUSE-SU-2026:0154-1
SUSE-SU-2026:0155-1
SUSE-SU-2026:0200-1

Produtos afetados

Almalinux
Astra Linux
Centos
Linux Kernel
Red Hat
Rocky Linux
Suse