CVE-2022-50234
BaseFortify

Publication date: 2025-09-15

Last updated on: 2025-11-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

io_uring/af_unix: defer registered files gc to io_uring release

Instead of putting io_uring's registered files in unix_gc() we want it to be done by io_uring itself. The trick here is to consider io_uring registered files for cycle detection but not actually putting them down. Because io_uring can't register other ring instances, this will remove all refs to the ring file triggering the ->release path and clean up with io_ring_ctx_free().

[axboe: add kerneldoc comment to skb, fold in skb leak fix]

Meta Information

Published: 2025-09-15
Last Modified: 2025-11-24
Generated: 2026-06-16
AI Q&A: 2025-09-15
EPSS Evaluated: 2026-06-15

Affected Vendors & Products
Showing 5 associated CPEs
Vendor   Product        Version / Range
linux    linux_kernel   From 5.15.160 (inc) to 5.16 (inc)
linux    linux_kernel   From 5.15.160 (inc) to 5.16 (inc)
linux    linux_kernel   From 5.15.160 (inc) to 5.16 (inc)
linux    linux_kernel   From 5.15.160 (inc) to 5.16 (inc)
linux    linux_kernel   From 5.15.160 (inc) to 5.16 (inc)

CWE ID: CWE-NVD-CWE-noinfo

Executive Summary

This vulnerability relates to the Linux kernel's io_uring subsystem, specifically how registered files are garbage collected. Previously, io_uring's registered files were handled in the unix_gc() function, but the fix defers this garbage collection to io_uring itself. This change ensures that io_uring registered files are considered for cycle detection without being prematurely released, allowing proper cleanup via io_ring_ctx_free(). This prevents potential resource leaks or improper file release handling within io_uring.

Impact Analysis

The vulnerability could lead to improper cleanup of registered files in the io_uring subsystem, potentially causing resource leaks or instability in the Linux kernel's handling of io_uring operations. This might affect system performance or reliability when using io_uring for asynchronous I/O operations.
