CVE-2022-24448

Published: Feb 4, 2022Modified: Nov 21, 2024

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.

Affected (4)

Products: Linux: Linux Kernel · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 5.16.5

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 11.0
Debian Debian Linux	Version 9.0

Related CWEs

Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

References (20)

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5

Source: cve@mitre.org

Mailing ListPatchRelease NotesVendor Advisory

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac795161c93699d600db16c1a8cc23a65a1eceaf

Source: cve@mitre.org

Mailing ListPatchVendor Advisory

https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceaf

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lore.kernel.org/all/67d6a536-9027-1928-99b6-af512a36cd1a%40huawei.com/T/

Source: cve@mitre.org

https://www.debian.org/security/2022/dsa-5092

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2022/dsa-5096

Source: cve@mitre.org

Third Party Advisory

https://www.spinics.net/lists/stable/msg531976.html

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchRelease NotesVendor Advisory

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac795161c93699d600db16c1a8cc23a65a1eceaf

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchVendor Advisory

https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceaf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lore.kernel.org/all/67d6a536-9027-1928-99b6-af512a36cd1a%40huawei.com/T/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2022/dsa-5092

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2022/dsa-5096

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.spinics.net/lists/stable/msg531976.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

Timeline

No history available yet.