Bug 2083992 (CVE-2022-1671) - CVE-2022-1671 kernel: null-ptr-deref bugs in net/rxrpc/server_key.c in rxrpc_preparse_s
Summary: CVE-2022-1671 kernel: null-ptr-deref bugs in net/rxrpc/server_key.c in rxrpc_...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2022-1671
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2084037 2084038
Blocks: 2083989 2084035
TreeView+ depends on / blocked
 
Reported: 2022-05-11 07:42 UTC by Rohit Keshri
Modified: 2023-07-28 17:00 UTC (History)
49 users (show)

Fixed In Version: kernel 5.18 rc1
Doc Type: If docs needed, set a value
Doc Text:
A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information.
Clone Of:
Environment:
Last Closed: 2022-08-29 10:02:36 UTC
Embargoed:

Attachments (Terms of Use)

Description Rohit Keshri 2022-05-11 07:42:33 UTC 
There are some null-ptr-deref bugs in server_key.c in net/rxrpc/server_key.c in the latest kernel, unprivileged users can easily trigger it via ioctl.

#Root Cause
Some function calls are not implemented in rxrpc_no_security, there are preparse_server_key, free_preparse_server_key and destroy_server_key.

When rxrpc security type is rxrpc_no_security, unprivileged users can easily trigger a null-ptr-deref bug via ioctl. So judgment should be added to prevent it
Comment 9 Jan Pazdziora 2023-07-28 17:00:14 UTC 
Hello, the CVE page https://access.redhat.com/security/cve/CVE-2022-1671 Statement paragraph says

The affected code was not introduced into any kernel versions shipped with Red Hat Enterprise Linux making this vulnerable and not applicable to these platforms.

Should that be "making this vulnerability not applicable" or something similar?
Note You need to log in before you can comment on or make changes to this bug.