CVE-2022-49928

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49928
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49928.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49928
Related
Published
2025-05-01T15:16:18Z
Modified
2025-05-07T13:28:44Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed

There is a null-ptr-deref when xps sysfs alloc failed: BUG: KASAN: null-ptr-deref in sysfsdocreatelinksd+0x40/0xd0 Read of size 8 at addr 0000000000000030 by task gssproxy/457

CPU: 5 PID: 457 Comm: gssproxy Not tainted 6.0.0-09040-g02357b27ee03 #9 Call Trace: <TASK> dumpstacklvl+0x34/0x44 kasanreport+0xa3/0x120 sysfsdocreatelinksd+0x40/0xd0 rpcsysfsclientsetup+0x161/0x1b0 rpcnewclient+0x3fc/0x6e0 rpccreatexprt+0x71/0x220 rpccreate+0x1d4/0x350 gssprpccreate+0xc3/0x160 setgsspclnt+0xbc/0x140 writegssp+0x116/0x1a0 procregwrite+0xd6/0x130 vfswrite+0x177/0x690 ksyswrite+0xb9/0x150 dosyscall64+0x35/0x80 entrySYSCALL64afterhwframe+0x46/0xb0

When the xprtswitch sysfs alloc failed, should not add xprt and switch sysfs to it, otherwise, maybe null-ptr-deref; also initialize the 'xpssysfs' to NULL to avoid oops when destroy it.

References

Affected packages

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.8-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.8-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}