Bug 2363453 (CVE-2022-49928) - CVE-2022-49928 kernel: SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed
Summary: CVE-2022-49928 kernel: SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed
Keywords:
Status: NEW
Alias: CVE-2022-49928
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-05-01 15:05 UTC by OSIDB Bzimport
Modified: 2025-06-06 00:11 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-05-01 15:05:16 UTC 
In the Linux kernel, the following vulnerability has been resolved:

SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed

There is a null-ptr-deref when xps sysfs alloc failed:
  BUG: KASAN: null-ptr-deref in sysfs_do_create_link_sd+0x40/0xd0
  Read of size 8 at addr 0000000000000030 by task gssproxy/457

  CPU: 5 PID: 457 Comm: gssproxy Not tainted 6.0.0-09040-g02357b27ee03 #9
  Call Trace:
   <TASK>
   dump_stack_lvl+0x34/0x44
   kasan_report+0xa3/0x120
   sysfs_do_create_link_sd+0x40/0xd0
   rpc_sysfs_client_setup+0x161/0x1b0
   rpc_new_client+0x3fc/0x6e0
   rpc_create_xprt+0x71/0x220
   rpc_create+0x1d4/0x350
   gssp_rpc_create+0xc3/0x160
   set_gssp_clnt+0xbc/0x140
   write_gssp+0x116/0x1a0
   proc_reg_write+0xd6/0x130
   vfs_write+0x177/0x690
   ksys_write+0xb9/0x150
   do_syscall_64+0x35/0x80
   entry_SYSCALL_64_after_hwframe+0x46/0xb0

When the xprt_switch sysfs alloc failed, should not add xprt and
switch sysfs to it, otherwise, maybe null-ptr-deref; also initialize
the 'xps_sysfs' to NULL to avoid oops when destroy it.
Comment 1 Avinash Hanwate 2025-05-02 05:55:35 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025050111-CVE-2022-49928-3664@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.