CVE Catalog

CVE-2022-50114

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile - higher than 5% of all known CVEs

Summary

A reference count leak was discovered in the Linux kernel's p9_read_work() function in the 9p subsystem. When the rc.sdata field of the request structure is NULL, the p9_req_put call is missing, causing a temporary reference leak.

Risk Assessment

This reference leak can lead to kernel memory exhaustion, potentially causing a denial of service (DoS) on systems using the 9p protocol.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit addressing the issue). Monitor for the availability of the patch for your distribution.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: net: 9p: fix refcount leak in p9_read_work() error handling p9_req_put need to be called when m->rreq->rc.sdata is NULL to avoid temporary refcount leak. [Dominique: commit wording adjustments, p9_req_put argument fixes for rebase]

Vulnerability data from NVD (NIST) · CISA KEV · EPSS