Uninitialized Memory Usage in Linux Kernel 9p Client Implementation
CVE-2022-50335

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 15 September 2025

What is CVE-2022-50335?

In the Linux kernel's 9p client, a vulnerability exists where newly allocated requests may be added to an identifier registry without proper initialization. This can lead to the utilization of uninitialized memory if a response is received before the request's reference count is established. Such exploitation may result in corrupted memory and improper request handling, leading to potential system instability or unauthorized access. To mitigate this issue, patches were implemented to ensure that reference counts are initialized to zero before allocation.

Affected Version(s)

Linux 728356dedeff8ef999cb436c71333ef4ac51a81c < 1cabce56626a61f4f02452cba61ad4332a4b73f8

Linux 728356dedeff8ef999cb436c71333ef4ac51a81c < 73c47b3123b351de2d3714a72a336c0f72f203af

Linux 728356dedeff8ef999cb436c71333ef4ac51a81c < 967fc34f297e40fd2e068cf6b0c3eb4916228539

References

https://git.kernel.org/stable/c/1cabce56626a61f4f02452cba...

https://git.kernel.org/stable/c/73c47b3123b351de2d3714a72...

https://git.kernel.org/stable/c/967fc34f297e40fd2e068cf6b...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 15, 2025
Vulnerability Reserved
Sep 15, 2025