Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix reference count leak in smb_check_perm_dacl() The issue happens in a specific path in smb_check_perm_dacl(). When "id" and "uid" have the same value, the function simply jumps out of the loop without decrementing the reference count of the object "posix_acls", which is increased by get_acl() earlier. This may result in memory leaks. Fix it by decreasing the reference count of "posix_acls" before jumping to label "check_access_bits".

INFO

Published Date :

2025-02-26T02:11:11.250Z

Last Modified :

2025-10-01T19:46:53.699Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2022-49366 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-49366.

URL Resource
https://git.kernel.org/stable/c/248d71b440aef829f5cc5f6545ca113ef5062900 cve-icon cve-icon
https://git.kernel.org/stable/c/9758a6653c27867d810de02b4e5697163dda9883 cve-icon cve-icon
https://git.kernel.org/stable/c/cf824b95c12a1abacadbc2d069931963221a3414 cve-icon cve-icon
https://git.kernel.org/stable/c/d21a580dafc69aa04f46e6099616146a536b0724 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025022645-CVE-2022-49366-d901@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-49366 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-49366 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact