CVE-2022-50302

In the Linux kernel, the following vulnerability has been resolved:

lockd: set other missing fields when unlocking files

vfs_lock_file() expects the struct file_lock to be fully initialised by
the caller. Re-exported NFSv3 has been seen to Oops if the fl_file field
is NULL.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
linuxlinux_kernel
5.15.56 ≤
𝑥
< 5.15.86
linuxlinux_kernel
5.18.13 ≤
𝑥
< 5.19
linuxlinux_kernel
5.19.1 ≤
𝑥
< 6.0.16
linuxlinux_kernel
6.1 ≤
𝑥
< 6.1.2
linuxlinux_kernel
5.19
linuxlinux_kernel
5.19:rc7
linuxlinux_kernel
5.19:rc8
𝑥
= Vulnerable software versions
References
https://git.kernel.org/stable/c/18ebd35b61b4693a0ddc270b6d4f18def232e770
https://git.kernel.org/stable/c/31c93ee5f1e4dc278b562e20f3c3274ac34997f3
https://git.kernel.org/stable/c/688575aef211b0986fc51010116f5888a99d76a2
https://git.kernel.org/stable/c/95d42a8d3d4ae84a0bd3ee23e1fee240cdf0a9f0
https://git.kernel.org/stable/c/d7aa9f7778316beb690f6e2763b6d672ad8b256f