CVE-2022-49366

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-49366
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49366.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-49366
Downstream
Published
2025-02-26T02:11:11.250Z
Modified
2026-04-02T08:27:31.536605Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
ksmbd: fix reference count leak in smb_check_perm_dacl()
Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix reference count leak in smbcheckperm_dacl()

The issue happens in a specific path in smbcheckpermdacl(). When "id" and "uid" have the same value, the function simply jumps out of the loop without decrementing the reference count of the object "posixacls", which is increased by get_acl() earlier. This may result in memory leaks.

Fix it by decreasing the reference count of "posixacls" before jumping to label "checkaccess_bits".

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49366.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
777cad1604d68ed4379ec899d1f7d2f6a29f01f0
Fixed
cf824b95c12a1abacadbc2d069931963221a3414
Fixed
248d71b440aef829f5cc5f6545ca113ef5062900
Fixed
9758a6653c27867d810de02b4e5697163dda9883
Fixed
d21a580dafc69aa04f46e6099616146a536b0724

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49366.json"