CVE-2022-50460: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-50460 is a vulnerability in the Linux kernel that was discovered and published on October 1, 2025. The vulnerability specifically affects the CIFS (Common Internet File System) implementation, where an xid (transaction ID) leak occurs in the cifs_flock() function. When not using flock, the function returns -ENOLCK without properly freeing the xid, resulting in a resource leak (NVD).

The vulnerability exists in the CIFS filesystem implementation of the Linux kernel. The issue occurs specifically in the cifs_flock() function where there is a failure to free the transaction ID (xid) before returning -ENOLCK when flock is not in use. This results in a resource leak that could potentially impact system performance over time (Ubuntu).

The impact of this vulnerability appears to be primarily related to resource management, potentially leading to resource exhaustion over time if the leak occurs repeatedly. Multiple Linux distributions have marked this with medium priority, suggesting moderate severity but not critical impact (Ubuntu).

Several Linux distributions have released fixes for this vulnerability. Ubuntu has fixed this in version 5.15.0-60.66~20.04.1 for linux-hwe-5.15 and similar versions for other kernel variants. The fix involves properly freeing the xid before returning -ENOLCK in the cifs_flock() function (Ubuntu).