CVE-2022-50367
Published: Sep 17, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy In alloc_inode, inode_init_always() could return -ENOMEM if security_inode_alloc() fails, which causes inode->i_private uninitialized. Then nilfs_is_metadata_file_inode() returns true and nilfs_free_inode() wrongly calls nilfs_mdt_destroy(), which frees the uninitialized inode->i_private and leads to crashes(e.g., UAF/GPF). Fix this by moving security_inode_alloc just prior to this_cpu_inc(nr_inodes)
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < d1ff475d7c83289d0a7faef346ea3bbf90818badaffected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < c0aa76b0f17f59dd9c9d3463550a2986a1d592e4affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < ec2aab115eb38ac4992ea2fcc2a02fbe7af5cf48affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 70e4f70d54e0225f91814e8610477d65f33cefe4affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 1e555c3ed1fce4b278aaebe18a64a934cece57d8+4 more versions |
Linux | Linux | affected 2.6.12unaffected 0 - < 2.6.12unaffected 4.9.331 - <= 4.9.*unaffected 4.14.296 - <= 4.14.*unaffected 4.19.262 - <= 4.19.*+6 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now