CVE-2022-50241

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue existed in the Linux kernel's Network File System Daemon (NFSD) when handling inter-server copies. Specifically, the vulnerability occurred when the nfsd4 close open stateid function freed lock states without first cleaning up associated copy state information on the sc cp list. This resulted in a use-after-free error when the laundromat attempted to free an expired copy state after the lock state had already been freed, leading to a BAD STATEID return. The issue stemmed from a race condition where a CLOSE request could arrive before a FREE STATEID request.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2026-02173

CVE-2022-50241

RHSA-2023:2458

RHSA-2023_2458

SUSE-SU-2025:03615-1

SUSE-SU-2025:03628-1

SUSE-SU-2025:3716-1

SUSE-SU-2025:3761-1

Affected Products

Astra Linux

Linux Kernel

Red Hat

Suse

CVE-2022-50241

Weakness Enumeration

Related Identifiers

Affected Products

References · 867