Bug 2348347 (CVE-2022-49418) - CVE-2022-49418 kernel: NFSv4: Fix free of uninitialized nfs4_label on referral lookup.
Summary: CVE-2022-49418 kernel: NFSv4: Fix free of uninitialized nfs4_label on referra...
Keywords:
Status: NEW
Alias: CVE-2022-49418
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-02-26 03:26 UTC by OSIDB Bzimport
Modified: 2025-02-26 07:30 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-02-26 03:26:15 UTC 
In the Linux kernel, the following vulnerability has been resolved:

NFSv4: Fix free of uninitialized nfs4_label on referral lookup.

Send along the already-allocated fattr along with nfs4_fs_locations, and
drop the memcpy of fattr.  We end up growing two more allocations, but this
fixes up a crash as:

PID: 790    TASK: ffff88811b43c000  CPU: 0   COMMAND: "ls"
 #0 [ffffc90000857920] panic at ffffffff81b9bfde
 #1 [ffffc900008579c0] do_trap at ffffffff81023a9b
 #2 [ffffc90000857a10] do_error_trap at ffffffff81023b78
 #3 [ffffc90000857a58] exc_stack_segment at ffffffff81be1f45
 #4 [ffffc90000857a80] asm_exc_stack_segment at ffffffff81c009de
 #5 [ffffc90000857b08] nfs_lookup at ffffffffa0302322 [nfs]
 #6 [ffffc90000857b70] __lookup_slow at ffffffff813a4a5f
 #7 [ffffc90000857c60] walk_component at ffffffff813a86c4
 #8 [ffffc90000857cb8] path_lookupat at ffffffff813a9553
 #9 [ffffc90000857cf0] filename_lookup at ffffffff813ab86b
Comment 1 Avinash Hanwate 2025-02-26 07:26:29 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022653-CVE-2022-49418-ff01@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.