{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50367","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-17T14:53:06.995Z","datePublished":"2025-09-17T14:56:23.190Z","dateUpdated":"2026-05-11T19:18:11.230Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:18:11.230Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs: fix UAF/GPF bug in nilfs_mdt_destroy\n\nIn alloc_inode, inode_init_always() could return -ENOMEM if\nsecurity_inode_alloc() fails, which causes inode->i_private\nuninitialized. Then nilfs_is_metadata_file_inode() returns\ntrue and nilfs_free_inode() wrongly calls nilfs_mdt_destroy(),\nwhich frees the uninitialized inode->i_private\nand leads to crashes(e.g., UAF/GPF).\n\nFix this by moving security_inode_alloc just prior to\nthis_cpu_inc(nr_inodes)"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/inode.c"],"versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"d1ff475d7c83289d0a7faef346ea3bbf90818bad","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"c0aa76b0f17f59dd9c9d3463550a2986a1d592e4","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"ec2aab115eb38ac4992ea2fcc2a02fbe7af5cf48","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"70e4f70d54e0225f91814e8610477d65f33cefe4","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"1e555c3ed1fce4b278aaebe18a64a934cece57d8","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"64b79e632869ad3ef6c098a4731d559381da1115","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"81de80330fa6907aec32eb54c5619059e6e36452","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"2a96b532098284ecf8e4849b8b9e5fc7a28bdee9","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"2e488f13755ffbb60f307e991b27024716a33b29","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/inode.c"],"versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","status":"unaffected","versionType":"semver"},{"version":"4.9.331","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.296","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.262","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.218","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.148","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.73","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.19.15","lessThanOrEqual":"5.19.*","status":"unaffected","versionType":"semver"},{"version":"6.0.1","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"4.9.331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"4.14.296"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"4.19.262"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.4.218"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.10.148"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.15.73"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.19.15"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.0.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/d1ff475d7c83289d0a7faef346ea3bbf90818bad"},{"url":"https://git.kernel.org/stable/c/c0aa76b0f17f59dd9c9d3463550a2986a1d592e4"},{"url":"https://git.kernel.org/stable/c/ec2aab115eb38ac4992ea2fcc2a02fbe7af5cf48"},{"url":"https://git.kernel.org/stable/c/70e4f70d54e0225f91814e8610477d65f33cefe4"},{"url":"https://git.kernel.org/stable/c/1e555c3ed1fce4b278aaebe18a64a934cece57d8"},{"url":"https://git.kernel.org/stable/c/64b79e632869ad3ef6c098a4731d559381da1115"},{"url":"https://git.kernel.org/stable/c/81de80330fa6907aec32eb54c5619059e6e36452"},{"url":"https://git.kernel.org/stable/c/2a96b532098284ecf8e4849b8b9e5fc7a28bdee9"},{"url":"https://git.kernel.org/stable/c/2e488f13755ffbb60f307e991b27024716a33b29"}],"title":"fs: fix UAF/GPF bug in nilfs_mdt_destroy","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.8,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"id":"CVE-2022-50367","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2026-01-14T18:35:10.102018Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-416","description":"CWE-416 Use After Free"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-14T18:42:59.212Z"}}]}}