CVE-2022-49688

Summary

In the Linux kernel, the following vulnerability has been resolved:

afs: Fix dynamic root getattr

The recent patch to make afs_getattr consult the server didn't account for the pseudo-inodes employed by the dynamic root-type afs superblock not having a volume or a server to access, and thus an oops occurs if such a directory is stat'd.

Fix this by checking to see if the vnode->volume pointer actually points anywhere before following it in afs_getattr().

This can be tested by stat'ing a directory in /afs. It may be sufficient just to do "ls /afs" and the oops looks something like:

    BUG: kernel NULL pointer dereference, address: 0000000000000020
    ...
    RIP: 0010:afs_getattr+0x8b/0x14b
    ...
    Call Trace:
     <TASK>
     vfs_statx+0x79/0xf5
     vfs_fstatat+0x49/0x62

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb76ea7c06b24dcf97ea3379b6957d5b99c346ea0 < 65c24caf1b9f5b08397c6e805ec24ebc390c6e4daffected
LinuxLinuxdba1941f5bc3de6b460685155b89ae1182824fc8 < e3a232e5767051483ffad4cef7d0a89d292a192baffected
LinuxLinux61a4cc41e5c1b77d05a12798f8032050aa75f3c8 < 7b564e3254b7db5fbfbf11a824627a6c31b932b4affected
LinuxLinux94bf8bfb009fad247d02f12e4c443411c8445412 < 2b2bba96526f25f2eba74ecadb031de2e05a83ceaffected
LinuxLinux2aeb8c86d49967552394d5e723f87454cb53f501 < 7844ceada44eca740d31beb3d97b8511b1ca0a9baffected
LinuxLinux2aeb8c86d49967552394d5e723f87454cb53f501 < cb78d1b5efffe4cf97e16766329dd7358aed3debaffected
LinuxLinux9e655a8b874d7c56e02938ddb221b16e293793dfaffected
LinuxLinux4.19.245 < 4.19.250affected
LinuxLinux5.4.196 < 5.4.202affected
LinuxLinux5.10.118 < 5.10.127affected
LinuxLinux5.15.42 < 5.15.51affected
LinuxLinux5.17.10 < 5.18affected
LinuxLinux5.18affected
LinuxLinux0 < 5.18unaffected
LinuxLinux4.19.250 <= 4.19.*unaffected
LinuxLinux5.4.202 <= 5.4.*unaffected
LinuxLinux5.10.127 <= 5.10.*unaffected
LinuxLinux5.15.51 <= 5.15.*unaffected
LinuxLinux5.18.8 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

References