[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2022-50432":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":17,"related":18,"reserved_at":9,"published_at":19,"modified_at":20,"state":9,"summary":21,"references_raw":23,"kevs":30,"epss":9,"epss_history":31,"metrics":32,"affected":39},"DEBIAN-CVE-2022-50432","In the Linux kernel, the following vulnerability has been resolved:  kernfs: fix use-after-free in __kernfs_remove  Syzkaller managed to trigger concurrent calls to kernfs_remove_by_name_ns() for the same file resulting in a KASAN detected use-after-free. The race occurs when the root node is freed during kernfs_drain().  To prevent this acquire an additional reference for the root of the tree that is removed before calling __kernfs_remove().  Found by syzkaller with the following reproducer (slab_nomerge is required):  syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\\x00', 0x100000, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\\x00', 0x0, 0x0) close(r0) pipe2(&(0x7f0000000140)={0xffffffffffffffff, \u003Cr1=>0xffffffffffffffff}, 0x800) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\\x00', &(0x7f00000000c0), 0x408, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_loose}, {@mmap}, {@loose}, {@loose}, {@mmap}], [{@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@fsmagic={'fsmagic', 0x3d, 0x10001}}, {@dont_hash}]}})  Sample report:  ================================================================== BUG: KASAN: use-after-free in kernfs_type include/linux/kernfs.h:335 [inline] BUG: KASAN: use-after-free in kernfs_leftmost_descendant fs/kernfs/dir.c:1261 [inline] BUG: KASAN: use-after-free in __kernfs_remove.part.0+0x843/0x960 fs/kernfs/dir.c:1369 Read of size 2 at addr ffff8880088807f0 by task syz-executor.2/857  CPU: 0 PID: 857 Comm: syz-executor.2 Not tainted 6.0.0-rc3-00363-g7726d4c3e60b #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace:  \u003CTASK>  __dump_stack lib/dump_stack.c:88 [inline]  dump_stack_lvl+0x6e/0x91 lib/dump_stack.c:106  print_address_description mm/kasan/report.c:317 [inline]  print_report.cold+0x5e/0x5e5 mm/kasan/report.c:433  kasan_report+0xa3/0x130 mm/kasan/report.c:495  kernfs_type include/linux/kernfs.h:335 [inline]  kernfs_leftmost_descendant fs/kernfs/dir.c:1261 [inline]  __kernfs_remove.part.0+0x843/0x960 fs/kernfs/dir.c:1369  __kernfs_remove fs/kernfs/dir.c:1356 [inline]  kernfs_remove_by_name_ns+0x108/0x190 fs/kernfs/dir.c:1589  sysfs_slab_add+0x133/0x1e0 mm/slub.c:5943  __kmem_cache_create+0x3e0/0x550 mm/slub.c:4899  create_cache mm/slab_common.c:229 [inline]  kmem_cache_create_usercopy+0x167/0x2a0 mm/slab_common.c:335  p9_client_create+0xd4d/0x1190 net/9p/client.c:993  v9fs_session_init+0x1e6/0x13c0 fs/9p/v9fs.c:408  v9fs_mount+0xb9/0xbd0 fs/9p/vfs_super.c:126  legacy_get_tree+0xf1/0x200 fs/fs_context.c:610  vfs_get_tree+0x85/0x2e0 fs/super.c:1530  do_new_mount fs/namespace.c:3040 [inline]  path_mount+0x675/0x1d00 fs/namespace.c:3370  do_mount fs/namespace.c:3383 [inline]  __do_sys_mount fs/namespace.c:3591 [inline]  __se_sys_mount fs/namespace.c:3568 [inline]  __x64_sys_mount+0x282/0x300 fs/namespace.c:3568  do_syscall_x64 arch/x86/entry/common.c:50 [inline]  do_syscall_64+0x38/0x90 arch/x86/entry/common.c:80  entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f725f983aed Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003C48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f725f0f7028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007f725faa3f80 RCX: 00007f725f983aed RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 RBP: 00007f725f9f419c R08: 0000000020000280 R09: 0000000000000000 R10: 0000000000000408 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000006 R14: 00007f725faa3f80 R15: 00007f725f0d7000  \u003C/TASK>  Allocated by task 855:  kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38  kasan_set_track mm/kasan/common.c:45 [inline]  set_alloc_info mm/kasan/common.c:437 [inline]  __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:470  kasan_slab_alloc include/linux/kasan.h:224 [inline]  slab_post_alloc_hook mm/slab.h:7 ---truncated---",null,[],[],[],[14],{"_key":15},"CVE-2022-50432",[],[],[],"2025-10-01T12:15:34.977Z","2026-04-28T20:25:35.697490Z",{"cisa_kev":22,"cisa_ransomware":22,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[24],{"url":25,"sources":26,"tags":28},"https://security-tracker.debian.org/tracker/CVE-2022-50432",[27],"osv_debian",[29],"Advisory",[],[],[33],{"source":27,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":34,"cvss_v4_0":9},{"baseScore":35,"baseSeverity":9,"vectorString":36,"impactScore":37,"exploitabilityScore":38},7.8,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",9.8,4.6,[40],{"ecosystem":41,"name":42,"vendor":43,"product":42,"cpe_part":9,"purl_type":44,"purl_namespace":43,"purl_name":42,"source":9,"versions":45},"Debian","linux","debian","deb",[46,52,55,56],{"version":47,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":50,"version_end_type":51,"fixed_in":9},"lt5_10_158_1",true,"ecosystem","5.10.158-1","excluding",{"version":53,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":54,"version_end_type":51,"fixed_in":9},"lt6_0_7_1","6.0.7-1",{"version":53,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":54,"version_end_type":51,"fixed_in":9},{"version":53,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":54,"version_end_type":51,"fixed_in":9}]