CVE-2022-49688

afs: Fix dynamic root getattr

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MITRE
TN

In the Linux kernel, the following vulnerability has been resolved: afs: Fix dynamic root getattr The recent patch to make afs_getattr consult the server didn't account
for the pseudo-inodes employed by the dynamic root-type afs superblock
not having a volume or a server to access, and thus an oops occurs if
such a directory is stat'd. Fix this by checking to see if the vnode->volume pointer actually points
anywhere before following it in afs_getattr(). This can be tested by stat'ing a directory in /afs. It may be
sufficient just to do "ls /afs" and the oops looks something like: BUG: kernel NULL pointer dereference, address: 0000000000000020 ... RIP: 0010:afs_getattr+0x8b/0x14b ... Call Trace: <TASK> vfs_statx+0x79/0xf5 vfs_fstatat+0x49/0x62

In the Linux kernel, the following vulnerability has been resolved: afs: Fix dynamic root getattr The recent patch to make afs_getattr consult the server didn't account for the pseudo-inodes employed by the dynamic root-type afs superblock not having a volume or a server to access, and thus an oops occurs if such a directory is stat'd. Fix this by checking to see if the vnode->volume pointer actually points anywhere before following it in afs_getattr(). This can be tested by stat'ing a directory in /afs. It may be sufficient just to do "ls /afs" and the oops looks something like: BUG: kernel NULL pointer dereference, address: 0000000000000020 ... RIP: 0010:afs_getattr+0x8b/0x14b ... Call Trace: <TASK> vfs_statx+0x79/0xf5 vfs_fstatat+0x49/0x62

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-02-26 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (12)

URL	Tag	Source
https://git.kernel.org/stable/c/b76ea7c06b24dcf97ea3379b6957d5b99c346ea0	Vuln. Introduced
https://git.kernel.org/stable/c/dba1941f5bc3de6b460685155b89ae1182824fc8	Vuln. Introduced
https://git.kernel.org/stable/c/61a4cc41e5c1b77d05a12798f8032050aa75f3c8	Vuln. Introduced
https://git.kernel.org/stable/c/94bf8bfb009fad247d02f12e4c443411c8445412	Vuln. Introduced
https://git.kernel.org/stable/c/2aeb8c86d49967552394d5e723f87454cb53f501	Vuln. Introduced
https://git.kernel.org/stable/c/9e655a8b874d7c56e02938ddb221b16e293793df	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/65c24caf1b9f5b08397c6e805ec24ebc390c6e4d	2022-07-02
https://git.kernel.org/stable/c/e3a232e5767051483ffad4cef7d0a89d292a192b	2022-06-29
https://git.kernel.org/stable/c/7b564e3254b7db5fbfbf11a824627a6c31b932b4	2022-06-29
https://git.kernel.org/stable/c/2b2bba96526f25f2eba74ecadb031de2e05a83ce	2022-06-29
https://git.kernel.org/stable/c/7844ceada44eca740d31beb3d97b8511b1ca0a9b	2022-06-29
https://git.kernel.org/stable/c/cb78d1b5efffe4cf97e16766329dd7358aed3deb	2022-06-21

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.245 < 4.19.250 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.245 < 4.19.250"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.196 < 5.4.202 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.196 < 5.4.202"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.118 < 5.10.127 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.118 < 5.10.127"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.42 < 5.15.51 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.42 < 5.15.51"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.18 < 5.18.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.18 < 5.18.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.18 < 5.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.18 < 5.19"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.17.10 Search vendor "Linux" for product "Linux Kernel" and version "5.17.10"		en		Affected