{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49064", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T01:49:39.244Z", "datePublished": "2025-02-26T01:54:33.164Z", "dateUpdated": "2025-05-04T08:28:57.648Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:28:57.648Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: unmark inode in use in error path\n\nUnmark inode in use if error encountered. If the in-use flag leakage\noccurs in cachefiles_open_file(), Cachefiles will complain \"Inode\nalready in use\" when later another cookie with the same index key is\nlooked up.\n\nIf the in-use flag leakage occurs in cachefiles_create_tmpfile(), though\nthe \"Inode already in use\" warning won't be triggered, fix the leakage\nanyway."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/cachefiles/namei.c"], "versions": [{"version": "1f08c925e7a38002bde509e66f6f891468848511", "lessThan": "b2055abafd3d4ee0376fb3eed5cae866316995a1", "status": "affected", "versionType": "git"}, {"version": "1f08c925e7a38002bde509e66f6f891468848511", "lessThan": "ea5dc046127e857a7873ae55fd57c866e9e86fb2", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/cachefiles/namei.c"], "versions": [{"version": "5.17", "status": "affected"}, {"version": "0", "lessThan": "5.17", "status": "unaffected", "versionType": "semver"}, {"version": "5.17.4", "lessThanOrEqual": "5.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "5.17.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "5.18"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b2055abafd3d4ee0376fb3eed5cae866316995a1"}, {"url": "https://git.kernel.org/stable/c/ea5dc046127e857a7873ae55fd57c866e9e86fb2"}], "title": "cachefiles: unmark inode in use in error path", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "62D8CC4C-A7BD-4651-8B8B-B5D5AABB585E", "versionEndExcluding": "5.17.4", "versionStartIncluding": "5.17", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.18:rc1:*:*:*:*:*:*", "matchCriteriaId": "6AD94161-84BB-42E6-9882-4FC0C42E9FC1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.18:rc2:*:*:*:*:*:*", "matchCriteriaId": "7AB06DDF-3C2B-416D-B448-E990D8FF67A9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: unmark inode in use in error path\n\nUnmark inode in use if error encountered. If the in-use flag leakage\noccurs in cachefiles_open_file(), Cachefiles will complain \"Inode\nalready in use\" when later another cookie with the same index key is\nlooked up.\n\nIf the in-use flag leakage occurs in cachefiles_create_tmpfile(), though\nthe \"Inode already in use\" warning won't be triggered, fix the leakage\nanyway."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cachefiles: desmarcar inodo en uso en ruta de error Desmarcar inodo en uso si se encuentra un error. Si la fuga de la bandera en uso ocurre en cachefiles_open_file(), Cachefiles mostrar\u00e1 el mensaje \"Inodo ya en uso\" cuando m\u00e1s tarde se busque otra cookie con la misma clave de \u00edndice. Si la fuga de la bandera en uso ocurre en cachefiles_create_tmpfile(), aunque no se active la advertencia \"Inodo ya en uso\", solucione la fuga de todos modos."}], "id": "CVE-2022-49064", "lastModified": "2025-10-14T19:04:27.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-26T07:00:43.637", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b2055abafd3d4ee0376fb3eed5cae866316995a1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ea5dc046127e857a7873ae55fd57c866e9e86fb2"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: cachefiles: unmark inode in use in error path", "id": "2347912", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347912"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ncachefiles: unmark inode in use in error path\nUnmark inode in use if error encountered. If the in-use flag leakage\noccurs in cachefiles_open_file(), Cachefiles will complain \"Inode\nalready in use\" when later another cookie with the same index key is\nlooked up.\nIf the in-use flag leakage occurs in cachefiles_create_tmpfile(), though\nthe \"Inode already in use\" warning won't be triggered, fix the leakage\nanyway."], "name": "CVE-2022-49064", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49064\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49064\nhttps://lore.kernel.org/linux-cve-announce/2025022654-CVE-2022-49064-3c74@gregkh/T"], "threat_severity": "Low"}