CVE-2022-24448: CVE-2022-24448

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-24448

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Linux kernel 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。KVM是其中的一个基于内核的虚拟机。 Linux kernel 存在安全漏洞，该漏洞源于Linux 内核中的 fs/nfs/dir.c 中发现了一个问题。如果应用程序设置了 O_DIRECTORY 标志，并尝试打开常规文件，nfs_atomic_open() 将执行常规查找。如果找到常规文件，则应该发生 ENOTDIR，但服务器会在文件描述符中返回未初始化的数据。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2022-24448

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-24448

Please Login to view more intelligence information

https://www.spinics.net/lists/stable/msg531976.htmlx_refsource_MISC
https://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceafx_refsource_MISC
https://lore.kernel.org/all/67d6a536-9027-1928-99b6-af512a36cd1a%40huawei.com/T/x_refsource_MISC
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5x_refsource_MISC
https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898ax_refsource_MISC
https://www.debian.org/security/2022/dsa-5096vendor-advisoryx_refsource_DEBIAN
https://www.debian.org/security/2022/dsa-5092vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.htmlmailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2022-24448

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2022-24448

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2022-24448

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-24448

III. Intelligence Information for CVE-2022-24448

IV. Related Vulnerabilities

V. Comments for CVE-2022-24448

Leave a comment