CVE-2022-50853
Description
In the Linux kernel, the following vulnerability has been resolved:
NFSv4: Fix a credential leak in _nfs4_discover_trunking()
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A credential leak in NFSv4's _nfs4_discover_trunking() could exhaust kernel memory, fixed by properly releasing references.
Vulnerability
CVE-2022-50853 describes a credential leak in the Linux kernel's NFSv4 implementation. The function _nfs4_discover_trunking() fails to release credentials under certain conditions, leading to a reference count leak.
Exploitation
An attacker with network access to trigger NFSv4 trunking discovery could cause repeated credential allocation without freeing, eventually exhausting kernel memory. No authentication is required beyond normal NFS access.
Impact
Successful exploitation results in denial of service due to memory exhaustion. The leak specifically affects struct cred objects, which can accumulate and starve the kernel of memory.
Mitigation
The vulnerability is fixed in Linux kernel stable releases by commits [1] and [2]. Users should apply the latest updates from their distribution.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
4c6aca4c7ba8fdfad5d5e7511b247a9828f66e83458fce080Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4News mentions
0No linked articles in our index yet.