CVE-2022-49688
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
afs: Fix dynamic root getattr
The recent patch to make afs_getattr consult the server didn't account for the pseudo-inodes employed by the dynamic root-type afs superblock not having a volume or a server to access, and thus an oops occurs if such a directory is stat'd.
Fix this by checking to see if the vnode->volume pointer actually points anywhere before following it in afs_getattr().
This can be tested by stat'ing a directory in /afs. It may be sufficient just to do "ls /afs" and the oops looks something like:
BUG: kernel NULL pointer dereference, address: 0000000000000020
...
RIP: 0010:afs_getattr+0x8b/0x14b
...
Call Trace:
<TASK>
vfs_statx+0x79/0xf5
vfs_fstatat+0x49/0x62
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | b76ea7c06b24dcf97ea3379b6957d5b99c346ea0 < 65c24caf1b9f5b08397c6e805ec24ebc390c6e4d | affected |
| Linux | Linux | dba1941f5bc3de6b460685155b89ae1182824fc8 < e3a232e5767051483ffad4cef7d0a89d292a192b | affected |
| Linux | Linux | 61a4cc41e5c1b77d05a12798f8032050aa75f3c8 < 7b564e3254b7db5fbfbf11a824627a6c31b932b4 | affected |
| Linux | Linux | 94bf8bfb009fad247d02f12e4c443411c8445412 < 2b2bba96526f25f2eba74ecadb031de2e05a83ce | affected |
| Linux | Linux | 2aeb8c86d49967552394d5e723f87454cb53f501 < 7844ceada44eca740d31beb3d97b8511b1ca0a9b | affected |
| Linux | Linux | 2aeb8c86d49967552394d5e723f87454cb53f501 < cb78d1b5efffe4cf97e16766329dd7358aed3deb | affected |
| Linux | Linux | 9e655a8b874d7c56e02938ddb221b16e293793df | affected |
| Linux | Linux | 4.19.245 < 4.19.250 | affected |
| Linux | Linux | 5.4.196 < 5.4.202 | affected |
| Linux | Linux | 5.10.118 < 5.10.127 | affected |
| Linux | Linux | 5.15.42 < 5.15.51 | affected |
| Linux | Linux | 5.17.10 < 5.18 | affected |
| Linux | Linux | 5.18 | affected |
| Linux | Linux | 0 < 5.18 | unaffected |
| Linux | Linux | 4.19.250 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.202 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.127 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.51 <= 5.15.* | unaffected |
| Linux | Linux | 5.18.8 <= 5.18.* | unaffected |
| Linux | Linux | 5.19 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/65c24caf1b9f5b08397c6e805ec24ebc390c6e4d
- https://git.kernel.org/stable/c/e3a232e5767051483ffad4cef7d0a89d292a192b
- https://git.kernel.org/stable/c/7b564e3254b7db5fbfbf11a824627a6c31b932b4
- https://git.kernel.org/stable/c/2b2bba96526f25f2eba74ecadb031de2e05a83ce
- https://git.kernel.org/stable/c/7844ceada44eca740d31beb3d97b8511b1ca0a9b
- https://git.kernel.org/stable/c/cb78d1b5efffe4cf97e16766329dd7358aed3deb
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.