CVE-2022-49688
Published: Feb 26, 2025
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: afs: Fix dynamic root getattr The recent patch to make afs_getattr consult the server didn't account for the pseudo-inodes employed by the dynamic root-type afs superblock not having a volume or a server to access, and thus an oops occurs if such a directory is stat'd. Fix this by checking to see if the vnode->volume pointer actually points anywhere before following it in afs_getattr(). This can be tested by stat'ing a directory in /afs. It may be sufficient just to do "ls /afs" and the oops looks something like: BUG: kernel NULL pointer dereference, address: 0000000000000020 ... RIP: 0010:afs_getattr+0x8b/0x14b ... Call Trace: <TASK> vfs_statx+0x79/0xf5 vfs_fstatat+0x49/0x62
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected b76ea7c06b24dcf97ea3379b6957d5b99c346ea0 - < 65c24caf1b9f5b08397c6e805ec24ebc390c6e4daffected dba1941f5bc3de6b460685155b89ae1182824fc8 - < e3a232e5767051483ffad4cef7d0a89d292a192baffected 61a4cc41e5c1b77d05a12798f8032050aa75f3c8 - < 7b564e3254b7db5fbfbf11a824627a6c31b932b4affected 94bf8bfb009fad247d02f12e4c443411c8445412 - < 2b2bba96526f25f2eba74ecadb031de2e05a83ceaffected 2aeb8c86d49967552394d5e723f87454cb53f501 - < 7844ceada44eca740d31beb3d97b8511b1ca0a9b+7 more versions |
Linux | Linux | affected 5.18unaffected 0 - < 5.18unaffected 4.19.250 - <= 4.19.*unaffected 5.4.202 - <= 5.4.*unaffected 5.10.127 - <= 5.10.*+3 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now