CVE-2022-50302

medium

Description

In the Linux kernel, the following vulnerability has been resolved: lockd: set other missing fields when unlocking files vfs_lock_file() expects the struct file_lock to be fully initialised by the caller. Re-exported NFSv3 has been seen to Oops if the fl_file field is NULL.

References

https://git.kernel.org/stable/c/d7aa9f7778316beb690f6e2763b6d672ad8b256f

https://git.kernel.org/stable/c/95d42a8d3d4ae84a0bd3ee23e1fee240cdf0a9f0

https://git.kernel.org/stable/c/688575aef211b0986fc51010116f5888a99d76a2

https://git.kernel.org/stable/c/31c93ee5f1e4dc278b562e20f3c3274ac34997f3

https://git.kernel.org/stable/c/18ebd35b61b4693a0ddc270b6d4f18def232e770

Details

Source: Mitre, NVD

Published: 2025-09-15

Updated: 2025-09-15

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018