CVE-2022-49938

Published: Jun 18, 2025

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: fix small mempool leak in SMB2_negotiate() In some cases of failure (dialect mismatches) in SMB2_negotiate(), after the request is sent, the checks would return -EIO when they should be rather setting rc = -EIO and jumping to neg_exit to free the response buffer from mempool.

Vendor	Product	Versions
Linux	Linux	affected `9764c02fcbad40001fd3f63558d918e4d519bb75 - < 9e3c9efa7caf16e5acc05eab5e4d0a714e1610b0` affected `9764c02fcbad40001fd3f63558d918e4d519bb75 - < 38a6b469bf22f153282fbe7d702a24e9eb43f50e` affected `9764c02fcbad40001fd3f63558d918e4d519bb75 - < 27893dfc1285f80f80f46b3b8c95f5d15d2e66d0` affected `1ae6f05d4204d3a128bb9ba2c42e2a6c4ac687f1` affected `4.13.5 - < 4.14`
Linux	Linux	affected `4.14` unaffected `0 - < 4.14` unaffected `5.15.66 - <= 5.15.` unaffected `5.19.8 - <= 5.19.` unaffected `6.0 - <= *`

References

https://git.kernel.org/stable/c/9e3c9efa7caf16e5acc05eab5e4d0a714e1610b0

https://git.kernel.org/stable/c/38a6b469bf22f153282fbe7d702a24e9eb43f50e

https://git.kernel.org/stable/c/27893dfc1285f80f80f46b3b8c95f5d15d2e66d0

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-49938

Description

Affected Products

References