CVE-2022-49705

In the Linux kernel, the following vulnerability has been resolved:

9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl

We need to release directory fid if we fail halfway through open

This fixes fid leaking with xfstests generic 531
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
LinuxCNA
---
---
CISA-ADPADP
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.51
linuxlinux_kernel
5.16 ≤
𝑥
< 5.18.8
linuxlinux_kernel
5.19:rc1
linuxlinux_kernel
5.19:rc2
linuxlinux_kernel
5.19:rc3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.234-1
fixed
bookworm
6.1.123-1
fixed
bookworm (security)
6.1.128-1
fixed
trixie
6.12.12-1
fixed
sid
6.12.16-1
fixed
References
https://git.kernel.org/stable/c/22832ac3eb5be3f7168816a76b64c1284e12eb3c
https://git.kernel.org/stable/c/8bc5412ba1a45edfd1e451874c483c26a097af2b
https://git.kernel.org/stable/c/beca774fc51a9ba8abbc869cf0c3d965ff17cd24