CVE-2022-50367: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a vulnerability (CVE-2022-50367) has been identified related to a Use-After-Free (UAF) and General Protection Fault (GPF) bug in the nilfsmdtdestroy function. The issue occurs when inodeinitalways() returns -ENOMEM if securityinodealloc() fails, leaving inode->iprivate uninitialized. This causes nilfsismetadatafileinode() to return true, leading nilfsfreeinode() to incorrectly call nilfsmdtdestroy(), which frees the uninitialized inode->iprivate and results in crashes (NVD).

The vulnerability stems from a sequence of events in the Linux kernel's filesystem code. When inodeinitalways() fails with -ENOMEM during securityinodealloc(), it leaves the inode->iprivate pointer uninitialized. Subsequently, nilfsismetadatafileinode() incorrectly returns true for this uninitialized state, triggering nilfsfreeinode() to call nilfsmdtdestroy(). This function then attempts to free the uninitialized inode->iprivate pointer, resulting in UAF/GPF crashes. The fix involves relocating the securityinodealloc call to just before thiscpuinc(nr_inodes) (NVD).

The vulnerability can lead to system crashes through Use-After-Free (UAF) and General Protection Fault (GPF) conditions when handling certain filesystem operations. This affects the stability and reliability of systems using the affected Linux kernel versions (NVD).

The vulnerability has been patched by moving the securityinodealloc call to execute just prior to thiscpuinc(nr_inodes), ensuring proper initialization sequence. Users should update to patched kernel versions that include this fix (NVD).