CVE-2022-49103 in Linux

Summary

by MITRE • 02/26/2025

In the Linux kernel, the following vulnerability has been resolved:

NFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify()

The reference counting issue happens in two error paths in the function _nfs42_proc_copy_notify(). In both error paths, the function simply returns the error code and forgets to balance the refcount of object `ctx`, bumped by get_nfs_open_context() earlier, which may cause refcount leaks.

Fix it by balancing refcount of the `ctx` object before the function returns in both error paths.

Analysis

by VulDB Data Team • 06/13/2025

The vulnerability described in CVE-2022-49103 represents a critical reference counting issue within the Linux kernel's Network File System version 4.2 implementation. This flaw specifically affects the _nfs42_proc_copy_notify() function which handles copy notification operations in NFSv4.2 protocol implementations. The vulnerability stems from improper resource management where the kernel fails to properly decrement reference counts during error conditions, leading to potential memory leaks and resource exhaustion scenarios. Such issues are particularly dangerous in server environments where NFS services are heavily utilized and may be exploited to consume system resources over time.

The technical flaw manifests in two distinct error paths within the _nfs42_proc_copy_notify() function where the kernel invokes get_nfs_open_context() to increment the reference count of a context object named 'ctx'. However, when errors occur during processing, the function returns early without properly balancing this reference count through a corresponding put_nfs_open_context() call. This creates a scenario where the reference counter remains incremented, preventing the kernel from properly releasing the associated memory structures. The vulnerability is classified as a reference counting leak under CWE-404, which specifically addresses improper resource management where resources are not properly released. This pattern of resource management failure can lead to gradual memory consumption and system instability.

The operational impact of this vulnerability extends beyond simple memory leaks to potentially compromise system availability and performance. When the reference counting mechanism fails, it can result in memory fragmentation and gradual resource depletion, particularly in high-traffic NFS environments where copy operations are frequently performed. Attackers could potentially exploit this weakness by repeatedly triggering error conditions in the NFSv4.2 implementation, leading to progressive memory exhaustion that may cause system slowdowns or complete service unavailability. The vulnerability aligns with ATT&CK technique T1499.003 for resource exhaustion attacks, where adversaries target system resources to deny service to legitimate users.

The fix implemented addresses the core issue by ensuring proper reference count balancing in both error paths of the function. This remediation follows established kernel development practices for resource management and aligns with security best practices for preventing resource leaks in kernel space code. The solution requires that before any early return occurs in error conditions, the kernel must properly decrement the reference count of the 'ctx' object that was previously incremented. This approach prevents the accumulation of unreleased references and maintains the integrity of the kernel's memory management subsystem. The fix demonstrates proper adherence to kernel security principles and represents a standard defensive programming practice for maintaining resource consistency in concurrent systems. Organizations should prioritize applying this patch to mitigate the risk of potential exploitation and ensure continued system stability in NFSv4.2 environments.
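The leak and its repair, as an added userspace model that is not the kernel's code or the actual patch: `open_ctx`, `ctx_get`, `ctx_put`, `step`, `copy_notify_leaky`, `copy_notify_fixed` and `refs_after` are hypothetical names, and the single `out:` label is one way to balance the count on every exit.

```c
/* Userspace model of the pattern; every name here is hypothetical, not kernel code. */
#include <stdio.h>
struct open_ctx { int refcount; };   /* stands in for the `ctx` object */
static struct open_ctx *ctx_get(struct open_ctx *c) { c->refcount++; return c; }
static void ctx_put(struct open_ctx *c) { c->refcount--; }

/* Simulated step: fails with -5 (EIO) when fail_at names it (0 = never fail). */
static int step(int n, int fail_at) { return fail_at == n ? -5 : 0; }

/* Leaky shape: both error paths return with the reference still held. */
static int copy_notify_leaky(struct open_ctx *file_ctx, int fail_at)
{
    struct open_ctx *ctx = ctx_get(file_ctx);
    int status = step(1, fail_at);
    if (status)
        return status;               /* first error path: no ctx_put() */
    status = step(2, fail_at);
    if (status)
        return status;               /* second error path: no ctx_put() */
    ctx_put(ctx);
    return 0;
}

/* Balanced shape: every exit passes through one label that drops the reference. */
static int copy_notify_fixed(struct open_ctx *file_ctx, int fail_at)
{
    struct open_ctx *ctx = ctx_get(file_ctx);
    int status = step(1, fail_at);
    if (status)
        goto out;
    status = step(2, fail_at);
out:
    ctx_put(ctx);
    return status;
}

/* Reference count left on a context that starts at 1 after `calls` calls. */
static int refs_after(int (*fn)(struct open_ctx *, int), int calls, int fail_at)
{
    struct open_ctx c = { 1 };
    for (int i = 0; i < calls; i++)
        fn(&c, fail_at);
    return c.refcount;
}

int main(void)
{
    int leaked = refs_after(copy_notify_leaky, 100, 2);
    printf("leaky: %d  fixed: %d\n", leaked, refs_after(copy_notify_fixed, 100, 2));
    return 0;
}
```

In the model each failing call to the leaky variant leaves one extra reference behind, so the count can never return to zero and the object is never released.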

Responsible: Linux

Reservation: 02/26/2025

Disclosure: 02/26/2025

Moderation: accepted

CPE: ready

EPSS: 0.00014

KEV: no

Activities: very low
