CVE-2022-50234 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: defer registered files gc to io_uring release Instead of putting io_uring's registered files in unix_gc() we want it to be done by io_uring itself. The trick here is to consider io_uring registered files for cycle detection but not actually putting them down. Because io_uring can't register other ring instances, this will remove all refs to the ring file triggering the ->release path and clean up with io_ring_ctx_free(). [axboe: add kerneldoc comment to skb, fold in skb leak fix]

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0091bfc81741b8d3aeb3b7ab8636f911b2de6e80
https://git.kernel.org/stable/c/04df9719df1865f6770af9bc7880874af0e594b2
https://git.kernel.org/stable/c/75e94c7e8859e58aadc15a98cc9704edff47d4f2
https://git.kernel.org/stable/c/813d8fe5d30388f73a21d3a2bf46b0a1fd72498c
https://git.kernel.org/stable/c/b4293c01ee0d0ecdd3cb5801e13f62271144667a
https://git.kernel.org/stable/c/c378c479c5175833bb22ff71974cda47d7b05401
https://lore.kernel.org/linux-cve-announce/2025091545-CVE-2022-50234-bd01@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-50234
https://www.cve.org/CVERecord?id=CVE-2022-50234

History

Wed, 17 Sep 2025 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Vendors & Products		Linux Linux linux Kernel

Wed, 17 Sep 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025091545-CVE-2022-50234-bd01@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-50234 https://www.cve.org/CVERecord?id=CVE-2022-50234
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Mon, 15 Sep 2025 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: defer registered files gc to io_uring release Instead of putting io_uring's registered files in unix_gc() we want it to be done by io_uring itself. The trick here is to consider io_uring registered files for cycle detection but not actually putting them down. Because io_uring can't register other ring instances, this will remove all refs to the ring file triggering the ->release path and clean up with io_ring_ctx_free(). [axboe: add kerneldoc comment to skb, fold in skb leak fix]
Title		io_uring/af_unix: defer registered files gc to io_uring release
References		https://git.kernel.org/stable/c/0091bfc81741b8d3aeb3b7ab8636f911b2de6e80 https://git.kernel.org/stable/c/04df9719df1865f6770af9bc7880874af0e594b2 https://git.kernel.org/stable/c/75e94c7e8859e58aadc15a98cc9704edff47d4f2 https://git.kernel.org/stable/c/813d8fe5d30388f73a21d3a2bf46b0a1fd72498c https://git.kernel.org/stable/c/b4293c01ee0d0ecdd3cb5801e13f62271144667a https://git.kernel.org/stable/c/c378c479c5175833bb22ff71974cda47d7b05401

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-09-15T14:01:38.199Z

Updated: 2025-09-15T14:01:38.199Z

Reserved: 2025-06-18T10:57:27.432Z

Link: CVE-2022-50234

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-09-15T14:15:33.727

Modified: 2025-09-15T15:21:42.937

Link: CVE-2022-50234

Redhat

Severity : Low

Publid Date: 2025-09-15T00:00:00Z

Links: CVE-2022-50234 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object