PT-2025-18482 · Linux+2 · Linux Kernel+2
Published
2022-10-07
·
Updated
2026-03-14
·
CVE-2022-49765
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A vulnerability has been resolved in the Linux kernel, specifically in the net/9p module. The issue involves inconsistent lock state in the
p9 req put() function, which can be caused by the use of different locking mechanisms in the client.c and trans fd.c files. The client.c file uses spin lock irqsave() to protect the IDR for FID/tag allocations, while the trans fd.c file uses spin lock() to protect its own request list and request status field. To resolve this issue, a dedicated spinlock has been introduced for trans fd.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Allocation of Resources Without Limits
Improper Locking
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Astra Linux
Debian
Linux Kernel