CVE-2022-50729
Description
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: Fix resource leak in ksmbd_session_rpc_open()
When ksmbd_rpc_open() fails then it must call ksmbd_rpc_id_free() to undo the result of ksmbd_ipc_id_alloc().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A resource leak in ksmbd_session_rpc_open() in the Linux kernel's SMB server fails to free an RPC ID on error, leading to potential exhaustion.
Vulnerability
In the Linux kernel's ksmbd (SMB server) implementation, the function ksmbd_session_rpc_open() allocates an RPC ID via ksmbd_ipc_id_alloc(). If the subsequent ksmbd_rpc_open() call fails, the allocated ID is not freed, causing a resource leak [1][2].
Exploitation
An attacker with the ability to trigger ksmbd RPC operations (e.g., via authenticated SMB connections) can repeatedly cause the allocation failure to exhaust available RPC IDs. No special privileges beyond SMB access are required.
Impact
Successful exploitation leads to denial of service by exhausting kernel RPC ID resources, rendering the SMB server unable to process further RPC requests.
Mitigation
The fix was included in stable kernel updates. Administrators should apply the latest kernel patches to resolve the leak [1][2].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
431c1b5d3000c9cb49b95c05df9ed133381ebbc044414fa03Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4News mentions
0No linked articles in our index yet.