CVE-2022-49316

NFSv4: Don't hold the layoutget locks across multiple RPC calls

Description

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Don't hold the layoutget locks across multiple RPC calls When doing layoutget as part of the open() compound, we have to be careful to release the layout locks before we can call any further RPC calls, such as setattr(). The reason is that those calls could trigger a recall, which could deadlock.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/6b3fc1496e7227cd6a39a80bbfb7588ef7c7a010 patch
https://git.kernel.org/stable/c/a2b3be930e79cc5d9d829f158e31172b2043f0cd patch
https://git.kernel.org/stable/c/0ee5b9644f06b4d3cdcd9544f43f63312e425a4c patch
https://git.kernel.org/stable/c/d4c2a041ed3ba114502d5ed6ace5b1a48d637a8e patch
https://git.kernel.org/stable/c/08d7a26d115cc7892668baa9750f64bd8baca29b patch
https://git.kernel.org/stable/c/ea759ae0a9ae5acee677d722129710ac89cc59c1 patch
https://git.kernel.org/stable/c/6949493884fe88500de4af182588e071cf1544ee patch

Frequently Asked Questions

What is the severity of CVE-2022-49316?
CVE-2022-49316 has been scored as a medium severity vulnerability.
How to fix CVE-2022-49316?
To fix CVE-2022-49316, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49316 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49316 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49316?
CVE-2022-49316 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.