{
  "threat_severity" : "Moderate",
  "public_date" : "2025-06-18T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: NFSv4/pnfs: Fix a use-after-free bug in open",
    "id" : "2373562",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2373562"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-763",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nNFSv4/pnfs: Fix a use-after-free bug in open\nIf someone cancels the open RPC call, then we must not try to free\neither the open slot or the layoutget operation arguments, since they\nare likely still in use by the hung RPC call." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-09-26T00:00:00Z",
    "advisory" : "RHBA-2024:7198",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "rhel8/go-toolset:1.21.13-1.1727172995"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-09-26T00:00:00Z",
    "advisory" : "RHBA-2024:7198",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "ubi8/go-toolset:1.21.13-1.1727172995"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-09-26T00:00:00Z",
    "advisory" : "RHBA-2024:7236",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "rhel8/flatpak-sdk:el8-8100020240123120116.1727145670"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-10-03T00:00:00Z",
    "advisory" : "RHBA-2024:7637",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "rhel8/support-tools:8.10-7.1727947227"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-09-24T00:00:00Z",
    "advisory" : "RHSA-2024:7000",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.22.1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50072\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50072\nhttps://lore.kernel.org/linux-cve-announce/2025061853-CVE-2022-50072-de2b@gregkh/T" ],
  "name" : "CVE-2022-50072",
  "csaw" : false
}