CVE-2022-50401 – This CVE describes a double-free vulnerability ... (How to Fix)

Q: What is the severity of CVE-2022-50401?

CVE-2022-50401 has a CVSS score of 7.8 (HIGH). This CVE describes a double-free vulnerability in the Linux kernel's NFS server (nfsd) under NFSv4.1. When rpc_create fails during callback connection setup, the error handling path incorrectly calls svc_xprt_put twice on the same transport object, causing a use-after-free condition that can crash the kernel or potentially lead to privilege escalation. Systems running Linux kernels with NFS server enabled are affected.

📋 TL;DR

This CVE describes a double-free vulnerability in the Linux kernel's NFS server (nfsd) under NFSv4.1. When rpc_create fails during callback connection setup, the error handling path incorrectly calls svc_xprt_put twice on the same transport object, causing a use-after-free condition that can crash the kernel or potentially lead to privilege escalation. Systems running Linux kernels with NFS server enabled are affected.

💻 Affected Systems

Products:

Linux kernel

Versions: Kernel versions before the fix commits (specific versions vary by distribution, but generally 5.15.x and earlier affected versions)

Operating Systems: Linux distributions with vulnerable kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when NFS server (nfsd) is running with NFSv4.1 support and callback connections are used. Many systems have NFS server disabled by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, or potential privilege escalation to kernel mode allowing full system compromise.

🟠

Likely Case

Kernel crash or system instability when NFSv4.1 callback connections fail, causing denial of service.

🟢

If Mitigated

No impact if NFS server is disabled or NFSv4.1 callbacks are not used.

🌐 Internet-Facing: MEDIUM - NFS servers exposed to untrusted networks could be targeted, but exploitation requires specific NFSv4.1 callback failures.

🏢 Internal Only: LOW - Internal NFS servers are less likely to be targeted, but the vulnerability could still be triggered accidentally.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires triggering specific NFSv4.1 callback failure conditions. The vulnerability is in error handling code, making reliable exploitation challenging.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 15fc60aa5bdcf6d5f93000d3d00579fc67632ee0, 3bc8edc98bd43540dbe648e4ef91f443d6d20a24, 707bcca9616002d204091ca7c4d1d91151104332, 9b4ae8c42d2ff09ed7c5832ccce5684c55e5ed23, a472f069ced8601979f53c13c0cf20236074ed46

Vendor Advisory: https://git.kernel.org/stable/c/15fc60aa5bdcf6d5f93000d3d00579fc67632ee0

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution. 2. For RHEL/CentOS: 'yum update kernel'. 3. For Ubuntu/Debian: 'apt update && apt upgrade linux-image-*'. 4. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable NFS server

linux

Stop and disable nfs-server service if not needed

systemctl stop nfs-server
systemctl disable nfs-server

Disable NFSv4.1 callbacks

linux

Configure NFS server to not use NFSv4.1 callbacks

echo 'options nfs callback_tcpport=0' > /etc/modprobe.d/nfs-callback.conf
systemctl restart nfs-server

🧯 If You Can't Patch

Disable NFS server entirely if not required
Restrict NFS access to trusted clients only using firewall rules

🔍 How to Verify

Check if Vulnerable:

Check if NFS server is running and kernel version is vulnerable: 'systemctl status nfs-server' and 'uname -r'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update and ensure NFS server restarted: 'uname -r' and check for fix commits in kernel changelog

📡 Detection & Monitoring

Log Indicators:

Kernel logs showing 'refcount_t: underflow; use-after-free' or 'list_add corruption' messages
NFS server crash logs
System crashes during NFS operations

Network Indicators:

Unexpected NFS connection failures
NFSv4.1 callback connection attempts

SIEM Query:

source="kernel" AND ("refcount_t: underflow" OR "list_add corruption")

📊 Metadata

CVE ID: CVE-2022-50401

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-415

EPSS Score: 0.01% exploit probability (1.2th percentile)

Published: September 18, 2025

Last Updated: January 14, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-50401, you might also want to check these: