CVE-2022-50401: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-50401 is a vulnerability in the Linux kernel's NFSv4.1 implementation, discovered and disclosed in September 2025. The vulnerability specifically affects the NFSd (Network File System daemon) component when handling callback setup under NFSv4.1 protocol (NVD, Red Hat).

The vulnerability occurs due to a double svcxprtput operation on rpccreate failure in the NFSv4.1 callback setup. When an error situation occurs, `clp->clcbconn.cbxprt` incorrectly receives a reference to the xprt, causing both client cleanup and the error handling path to attempt to release it. This leads to a refcount underflow condition and potential use-after-free scenario (Red Hat). The vulnerability has been assigned a CVSS v3.1 Base Score of 5.1 with attack vector: Local, attack complexity: High (Red Hat).

The vulnerability can result in a server-side denial of service condition. When triggered, it can cause a refcount underflow and use-after-free situation, potentially leading to kernel oops or panic. This can be initiated by a misbehaving client or during resource-pressure situations during callback establishment (Red Hat).

The fix involves modifying the reference handling in the NFSv4.1 callback setup code to delay handing over the reference to a later branch, preventing the double-put situation. Various Linux distributions have different patch status: Red Hat Enterprise Linux 8 and 9 have deferred the fix, while Red Hat Enterprise Linux 7 is not affected (Red Hat).