{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49281", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T01:49:39.298Z", "datePublished": "2025-02-26T01:56:23.201Z", "dateUpdated": "2025-05-04T08:34:05.720Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:34:05.720Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix handlecache and multiuser\n\nIn multiuser each individual user has their own tcon structure for the\nshare and thus their own handle for a cached directory.\nWhen we umount such a share we much make sure to release the pinned down dentry\nfor each such tcon and not just the master tcon.\n\nOtherwise we will get nasty warnings on umount that dentries are still in use:\n[ 3459.590047] BUG: Dentry 00000000115c6f41{i=12000000019d95,n=/} still in use\\\n (2) [unmount of cifs cifs]\n...\n[ 3459.590492] Call Trace:\n[ 3459.590500] d_walk+0x61/0x2a0\n[ 3459.590518] ? shrink_lock_dentry.part.0+0xe0/0xe0\n[ 3459.590526] shrink_dcache_for_umount+0x49/0x110\n[ 3459.590535] generic_shutdown_super+0x1a/0x110\n[ 3459.590542] kill_anon_super+0x14/0x30\n[ 3459.590549] cifs_kill_sb+0xf5/0x104 [cifs]\n[ 3459.590773] deactivate_locked_super+0x36/0xa0\n[ 3459.590782] cleanup_mnt+0x131/0x190\n[ 3459.590789] task_work_run+0x5c/0x90\n[ 3459.590798] exit_to_user_mode_loop+0x151/0x160\n[ 3459.590809] exit_to_user_mode_prepare+0x83/0xd0\n[ 3459.590818] syscall_exit_to_user_mode+0x12/0x30\n[ 3459.590828] do_syscall_64+0x48/0x90\n[ 3459.590833] entry_SYSCALL_64_after_hwframe+0x44/0xae"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/cifs/cifsfs.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "2fafbc198613823943c106d1ec9b516da692059f", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "ffa631c4bff59dde59b598011f570e27dfba3515", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "e71f6a3a1d5c826a30384fec587ca7503ef6bde5", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "47178c7722ac528ea08aa82c3ef9ffa178962d7a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/cifs/cifsfs.c"], "versions": [{"version": "5.15.33", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16.19", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17.2", "lessThanOrEqual": "5.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.33"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.16.19"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.17.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.18"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/2fafbc198613823943c106d1ec9b516da692059f"}, {"url": "https://git.kernel.org/stable/c/ffa631c4bff59dde59b598011f570e27dfba3515"}, {"url": "https://git.kernel.org/stable/c/e71f6a3a1d5c826a30384fec587ca7503ef6bde5"}, {"url": "https://git.kernel.org/stable/c/47178c7722ac528ea08aa82c3ef9ffa178962d7a"}], "title": "cifs: fix handlecache and multiuser", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B4D5502-DA34-43DA-93D1-158E3047C2C7", "versionEndExcluding": "5.15.33", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B", "versionEndExcluding": "5.16.19", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF", "versionEndExcluding": "5.17.2", "versionStartIncluding": "5.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix handlecache and multiuser\n\nIn multiuser each individual user has their own tcon structure for the\nshare and thus their own handle for a cached directory.\nWhen we umount such a share we much make sure to release the pinned down dentry\nfor each such tcon and not just the master tcon.\n\nOtherwise we will get nasty warnings on umount that dentries are still in use:\n[ 3459.590047] BUG: Dentry 00000000115c6f41{i=12000000019d95,n=/} still in use\\\n (2) [unmount of cifs cifs]\n...\n[ 3459.590492] Call Trace:\n[ 3459.590500] d_walk+0x61/0x2a0\n[ 3459.590518] ? shrink_lock_dentry.part.0+0xe0/0xe0\n[ 3459.590526] shrink_dcache_for_umount+0x49/0x110\n[ 3459.590535] generic_shutdown_super+0x1a/0x110\n[ 3459.590542] kill_anon_super+0x14/0x30\n[ 3459.590549] cifs_kill_sb+0xf5/0x104 [cifs]\n[ 3459.590773] deactivate_locked_super+0x36/0xa0\n[ 3459.590782] cleanup_mnt+0x131/0x190\n[ 3459.590789] task_work_run+0x5c/0x90\n[ 3459.590798] exit_to_user_mode_loop+0x151/0x160\n[ 3459.590809] exit_to_user_mode_prepare+0x83/0xd0\n[ 3459.590818] syscall_exit_to_user_mode+0x12/0x30\n[ 3459.590828] do_syscall_64+0x48/0x90\n[ 3459.590833] entry_SYSCALL_64_after_hwframe+0x44/0xae"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: fix handlecache y multiuser En multiuser, cada usuario individual tiene su propia estructura tcon para el recurso compartido y, por lo tanto, su propio identificador para un directorio en cach\u00e9. Cuando desmontamos un recurso compartido de este tipo, debemos asegurarnos de liberar la entrada dentry fijada para cada uno de esos tcon y no solo el tcon maestro. De lo contrario, recibiremos advertencias desagradables al desmontar que indican que las dentry a\u00fan est\u00e1n en uso: [ 3459.590047] ERROR: Dentry 00000000115c6f41{i=12000000019d95,n=/} a\u00fan en uso\\ (2) [desmontaje de cifs cifs] ... [ 3459.590492] Seguimiento de llamadas: [ 3459.590500] d_walk+0x61/0x2a0 [ 3459.590518] ? shrink_lock_dentry.part.0+0xe0/0xe0 [ 3459.590526] shrink_dcache_for_umount+0x49/0x110 [ 3459.590535] generic_shutdown_super+0x1a/0x110 [ 3459.590542] kill_anon_super+0x14/0x30 [ 3459.590549] cifs_kill_sb+0xf5/0x104 [cifs] [ 3459.590773] deactivate_locked_super+0x36/0xa0 [ 3459.590782] cleanup_mnt+0x131/0x190 [ 3459.590789] task_work_run+0x5c/0x90 [ 3459.590798] exit_to_user_mode_loop+0x151/0x160 [ 3459.590809] exit_to_user_mode_prepare+0x83/0xd0 [ 3459.590818] syscall_exit_to_user_mode+0x12/0x30 [ 3459.590828] do_syscall_64+0x48/0x90 [ 3459.590833] entry_SYSCALL_64_after_hwframe+0x44/0xae"}], "id": "CVE-2022-49281", "lastModified": "2025-10-21T11:46:12.897", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-26T07:01:04.967", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2fafbc198613823943c106d1ec9b516da692059f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/47178c7722ac528ea08aa82c3ef9ffa178962d7a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e71f6a3a1d5c826a30384fec587ca7503ef6bde5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ffa631c4bff59dde59b598011f570e27dfba3515"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: cifs: fix handlecache and multiuser", "id": "2347860", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347860"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ncifs: fix handlecache and multiuser\nIn multiuser each individual user has their own tcon structure for the\nshare and thus their own handle for a cached directory.\nWhen we umount such a share we much make sure to release the pinned down dentry\nfor each such tcon and not just the master tcon.\nOtherwise we will get nasty warnings on umount that dentries are still in use:\n[ 3459.590047] BUG: Dentry 00000000115c6f41{i=12000000019d95,n=/} still in use\\\n(2) [unmount of cifs cifs]\n...\n[ 3459.590492] Call Trace:\n[ 3459.590500] d_walk+0x61/0x2a0\n[ 3459.590518] ? shrink_lock_dentry.part.0+0xe0/0xe0\n[ 3459.590526] shrink_dcache_for_umount+0x49/0x110\n[ 3459.590535] generic_shutdown_super+0x1a/0x110\n[ 3459.590542] kill_anon_super+0x14/0x30\n[ 3459.590549] cifs_kill_sb+0xf5/0x104 [cifs]\n[ 3459.590773] deactivate_locked_super+0x36/0xa0\n[ 3459.590782] cleanup_mnt+0x131/0x190\n[ 3459.590789] task_work_run+0x5c/0x90\n[ 3459.590798] exit_to_user_mode_loop+0x151/0x160\n[ 3459.590809] exit_to_user_mode_prepare+0x83/0xd0\n[ 3459.590818] syscall_exit_to_user_mode+0x12/0x30\n[ 3459.590828] do_syscall_64+0x48/0x90\n[ 3459.590833] entry_SYSCALL_64_after_hwframe+0x44/0xae"], "name": "CVE-2022-49281", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49281\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49281\nhttps://lore.kernel.org/linux-cve-announce/2025022631-CVE-2022-49281-4365@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-07-13T11:22:51.777287+00:00", "updated": "2025-07-13T11:22:51.777359+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}