Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2022-24448 - log back

CVE-2022-24448 created at 09 May 2022 23:47:22

Severity

+

Low

Remote

+

Local

Type

+	Information disclosure

Description

+

A flaw was found in the Linux kernel. When an application tries to open a directory (using the O_DIRECTORY flag) in a mounted NFS filesystem, a lookup operation is performed. If the NFS server returns a file as a result of the lookup, the NFS filesystem returns an uninitialized file descriptor instead of the expected ENOTDIR value. This flaw leads to the kernel's data leak into the userspace.

References

+	https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac795161c93699d600db16c1a8cc23a65a1eceaf
+	https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5

Notes

+

TODO