CVE-2022-49704

9p: fix fid refcount leak in v9fs_vfs_get_link

Description

In the Linux kernel, the following vulnerability has been resolved: 9p: fix fid refcount leak in v9fs_vfs_get_link we check for protocol version later than required, after a fid has been obtained. Just move the version check earlier.

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/f0126bcaee81dabc1926012126aa74caa03a4c6e patch
https://git.kernel.org/stable/c/e7b6d622bd812013eb39c8f4cd65b7ee8ede1e02 patch
https://git.kernel.org/stable/c/e5690f263208c5abce7451370b7786eb25b405eb patch

Frequently Asked Questions

What is the severity of CVE-2022-49704?
CVE-2022-49704 has been scored as a medium severity vulnerability.
How to fix CVE-2022-49704?
To fix CVE-2022-49704, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49704 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49704 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49704?
CVE-2022-49704 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.