CVE-2022-24448

Name
CVE-2022-24448
Description
An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.
NVD Severity
low
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac795161c93699d600db16c1a8cc23a65a1eceaf
MISC https://www.spinics.net/lists/stable/msg531976.html
MISC https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5
MISC https://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceaf
DEBIAN https://www.debian.org/security/2022/dsa-5096
MLIST https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
MLIST https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
DEBIAN https://www.debian.org/security/2022/dsa-5092
Patch https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a
Issue Tracking https://lore.kernel.org/all/67d6a536-9027-1928-99b6-af512a36cd1a@huawei.com/T/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= None < 5.16.5

Vulnerable and fixed packages

Source package Branch Version Maintainer Status