CVE-2022-49928

There is a null-ptr-deref when xps sysfs alloc failed: BUG: KASAN: null-ptr-deref in sysfsdocreatelinksd+0x40/0xd0 Read of size 8 at addr 0000000000000030 by task gssproxy/457

CPU: 5 PID: 457 Comm: gssproxy Not tainted 6.0.0-09040-g02357b27ee03 #9 Call Trace: <TASK> dumpstacklvl+0x34/0x44 kasanreport+0xa3/0x120 sysfsdocreatelinksd+0x40/0xd0 rpcsysfsclientsetup+0x161/0x1b0 rpcnewclient+0x3fc/0x6e0 rpccreatexprt+0x71/0x220 rpccreate+0x1d4/0x350 gssprpccreate+0xc3/0x160 setgsspclnt+0xbc/0x140 writegssp+0x116/0x1a0 procregwrite+0xd6/0x130 vfswrite+0x177/0x690 ksyswrite+0xb9/0x150 dosyscall64+0x35/0x80 entrySYSCALL64afterhwframe+0x46/0xb0

When the xprtswitch sysfs alloc failed, should not add xprt and switch sysfs to it, otherwise, maybe null-ptr-deref; also initialize the 'xpssysfs' to NULL to avoid oops when destroy it.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49928.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

baea99445dd4675a834e8a5987d2f368adb62e6c

Fixed

d59722d088a9d86ce6d9d39979e5d1d669d249f7

Fixed

7b189b0aa8dab14b49c31c65af8a982e96e25b62

Fixed

cbdeaee94a415800c65a8c3fa04d9664a8b8fb3a

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49928.json"