{
  "threat_severity" : "Low",
  "public_date" : "2025-06-18T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: cifs: Fix memory leak on the deferred close",
    "id" : "2373647",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2373647"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ncifs: Fix memory leak on the deferred close\nxfstests on smb21 report kmemleak as below:\nunreferenced object 0xffff8881767d6200 (size 64):\ncomm \"xfs_io\", pid 1284, jiffies 4294777434 (age 20.789s)\nhex dump (first 32 bytes):\n80 5a d0 11 81 88 ff ff 78 8a aa 63 81 88 ff ff  .Z......x..c....\n00 71 99 76 81 88 ff ff 00 00 00 00 00 00 00 00  .q.v............\nbacktrace:\n[<00000000ad04e6ea>] cifs_close+0x92/0x2c0\n[<0000000028b93c82>] __fput+0xff/0x3f0\n[<00000000d8116851>] task_work_run+0x85/0xc0\n[<0000000027e14f9e>] do_exit+0x5e5/0x1240\n[<00000000fb492b95>] do_group_exit+0x58/0xe0\n[<00000000129a32d9>] __x64_sys_exit_group+0x28/0x30\n[<00000000e3f7d8e9>] do_syscall_64+0x35/0x80\n[<00000000102e8a0b>] entry_SYSCALL_64_after_hwframe+0x46/0xb0\nWhen cancel the deferred close work, we should also cleanup the struct\ncifs_deferred_close." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50076\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50076\nhttps://lore.kernel.org/linux-cve-announce/2025061855-CVE-2022-50076-f930@gregkh/T" ],
  "name" : "CVE-2022-50076",
  "csaw" : false
}