{"id":"CVE-2022-50367","summary":"fs: fix UAF/GPF bug in nilfs_mdt_destroy","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs: fix UAF/GPF bug in nilfs_mdt_destroy\n\nIn alloc_inode, inode_init_always() could return -ENOMEM if\nsecurity_inode_alloc() fails, which causes inode-\u003ei_private\nuninitialized. Then nilfs_is_metadata_file_inode() returns\ntrue and nilfs_free_inode() wrongly calls nilfs_mdt_destroy(),\nwhich frees the uninitialized inode-\u003ei_private\nand leads to crashes(e.g., UAF/GPF).\n\nFix this by moving security_inode_alloc just prior to\nthis_cpu_inc(nr_inodes)","modified":"2026-04-02T08:28:26.899375Z","published":"2025-09-17T14:56:23.190Z","related":["ALSA-2025:19409","ALSA-2025:19931","ALSA-2025:19932","SUSE-SU-2025:03613-1","SUSE-SU-2025:03615-1","SUSE-SU-2025:03626-1","SUSE-SU-2025:03628-1","SUSE-SU-2025:3716-1","SUSE-SU-2025:3761-1","SUSE-SU-2025:4189-1","SUSE-SU-2026:0154-1","SUSE-SU-2026:0155-1","SUSE-SU-2026:0200-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50367.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1e555c3ed1fce4b278aaebe18a64a934cece57d8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2a96b532098284ecf8e4849b8b9e5fc7a28bdee9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2e488f13755ffbb60f307e991b27024716a33b29"},{"type":"WEB","url":"https://git.kernel.org/stable/c/64b79e632869ad3ef6c098a4731d559381da1115"},{"type":"WEB","url":"https://git.kernel.org/stable/c/70e4f70d54e0225f91814e8610477d65f33cefe4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/81de80330fa6907aec32eb54c5619059e6e36452"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c0aa76b0f17f59dd9c9d3463550a2986a1d592e4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d1ff475d7c83289d0a7faef346ea3bbf90818bad"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ec2aab115eb38ac4992ea2fcc2a02fbe7af5cf48"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50367.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50367"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"fixed":"d1ff475d7c83289d0a7faef346ea3bbf90818bad"},{"fixed":"c0aa76b0f17f59dd9c9d3463550a2986a1d592e4"},{"fixed":"ec2aab115eb38ac4992ea2fcc2a02fbe7af5cf48"},{"fixed":"70e4f70d54e0225f91814e8610477d65f33cefe4"},{"fixed":"1e555c3ed1fce4b278aaebe18a64a934cece57d8"},{"fixed":"64b79e632869ad3ef6c098a4731d559381da1115"},{"fixed":"81de80330fa6907aec32eb54c5619059e6e36452"},{"fixed":"2a96b532098284ecf8e4849b8b9e5fc7a28bdee9"},{"fixed":"2e488f13755ffbb60f307e991b27024716a33b29"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50367.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}