CVE-2022-49316

low-risk

Published 2025-02-26

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Don't hold the layoutget locks across multiple RPC calls When doing layoutget as part of the open() compound, we have to be careful to release the layout locks before we can call any further RPC calls, such as setattr(). The reason is that those calls could trigger a recall, which could deadlock.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (7)

Patch https://git.kernel.org/stable/c/08d7a26d115cc7892668baa9750f64bd8baca29b

Patch https://git.kernel.org/stable/c/0ee5b9644f06b4d3cdcd9544f43f63312e425a4c

Patch https://git.kernel.org/stable/c/6949493884fe88500de4af182588e071cf1544ee

Patch https://git.kernel.org/stable/c/6b3fc1496e7227cd6a39a80bbfb7588ef7c7a010

Patch https://git.kernel.org/stable/c/a2b3be930e79cc5d9d829f158e31172b2043f0cd

Patch https://git.kernel.org/stable/c/d4c2a041ed3ba114502d5ed6ace5b1a48d637a8e

Patch https://git.kernel.org/stable/c/ea759ae0a9ae5acee677d722129710ac89cc59c1

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal