PT-2022-7112 · Linux+5 · Linux Kernel+5

Butt3Rflyh4Ck

+2

·

Published

2022-08-23

·

Updated

2025-10-23

·

CVE-2022-2978

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel NILFS file system (affected versions not specified)
Description The issue is related to a use after free flaw in the Linux kernel NILFS file system. This flaw can be triggered when a user causes the security inode alloc function to fail, followed by a call to the nilfs mdt destroy function. A local user could exploit this issue to crash the system or potentially escalate their privileges. The exploitation may also allow an attacker to access confidential data, compromise their integrity, and cause a denial of service.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2022-2809
ALT-PU-2022-2844
ALT-PU-2022-2849
ALT-PU-2022-2860
ALT-PU-2022-2864
ALT-PU-2022-2867
ALT-PU-2022-2875
ALT-PU-2022-2915
ALT-PU-2022-2919
ALT-PU-2022-2951
ALT-PU-2022-2965
ALT-PU-2022-2968
ALT-PU-2022-2970
ALT-PU-2022-2975
ALT-PU-2022-3061
ALT-PU-2023-4894
BDU:2023-07631
CVE-2022-2978
DLA-3245-1
OESA-2022-2045
OPENSUSE-SU-2022_3897-1
OPENSUSE-SU-2022_3998-1
OPENSUSE-SU-2022_4053-1
OPENSUSE-SU-2022_4072-1
OPENSUSE-SU-2022_4617-1
SUSE-SU-2022:3897-1
SUSE-SU-2022:3929-1
SUSE-SU-2022:3998-1
SUSE-SU-2022:4053-1
SUSE-SU-2022:4072-1
SUSE-SU-2022:4589-1
SUSE-SU-2022:4614-1
SUSE-SU-2022:4617-1
SUSE-SU-2025:03613-1
SUSE-SU-2025:03615-1
SUSE-SU-2025:03626-1
SUSE-SU-2025:03628-1
SUSE-SU-2025:3716-1
SUSE-SU-2025:3761-1
USN-5650-1
USN-5693-1
USN-5727-1
USN-5727-2
USN-5728-1
USN-5728-2
USN-5728-3
USN-5729-1
USN-5729-2
USN-5774-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Suse
Ubuntu