SB20250226528 - Improper locking in Linux kernel nfs
Published: February 26, 2025 Updated: May 11, 2025
Security Bulletin ID
SB20250226528
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2022-49316)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the _nfs4_open_and_get_state() function in fs/nfs/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/08d7a26d115cc7892668baa9750f64bd8baca29b
- https://git.kernel.org/stable/c/0ee5b9644f06b4d3cdcd9544f43f63312e425a4c
- https://git.kernel.org/stable/c/6949493884fe88500de4af182588e071cf1544ee
- https://git.kernel.org/stable/c/6b3fc1496e7227cd6a39a80bbfb7588ef7c7a010
- https://git.kernel.org/stable/c/a2b3be930e79cc5d9d829f158e31172b2043f0cd
- https://git.kernel.org/stable/c/d4c2a041ed3ba114502d5ed6ace5b1a48d637a8e
- https://git.kernel.org/stable/c/ea759ae0a9ae5acee677d722129710ac89cc59c1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.4