| From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001 |
| From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| To: <linux-cve-announce@vger.kernel.org> |
| Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> |
| Subject: CVE-2022-49688: afs: Fix dynamic root getattr |
| |
| Description |
| =========== |
| |
| In the Linux kernel, the following vulnerability has been resolved: |
| |
| afs: Fix dynamic root getattr |
| |
| The recent patch to make afs_getattr consult the server didn't account |
| for the pseudo-inodes employed by the dynamic root-type afs superblock |
| not having a volume or a server to access, and thus an oops occurs if |
| such a directory is stat'd. |
| |
| Fix this by checking to see if the vnode->volume pointer actually points |
| anywhere before following it in afs_getattr(). |
| |
| This can be tested by stat'ing a directory in /afs. It may be |
| sufficient just to do "ls /afs" and the oops looks something like: |
| |
| BUG: kernel NULL pointer dereference, address: 0000000000000020 |
| ... |
| RIP: 0010:afs_getattr+0x8b/0x14b |
| ... |
| Call Trace: |
| <TASK> |
| vfs_statx+0x79/0xf5 |
| vfs_fstatat+0x49/0x62 |
| |
| The Linux kernel CVE team has assigned CVE-2022-49688 to this issue. |
| |
| |
| Affected and fixed versions |
| =========================== |
| |
| Issue introduced in 4.19.245 with commit b76ea7c06b24dcf97ea3379b6957d5b99c346ea0 and fixed in 4.19.250 with commit 65c24caf1b9f5b08397c6e805ec24ebc390c6e4d |
| Issue introduced in 5.4.196 with commit dba1941f5bc3de6b460685155b89ae1182824fc8 and fixed in 5.4.202 with commit e3a232e5767051483ffad4cef7d0a89d292a192b |
| Issue introduced in 5.10.118 with commit 61a4cc41e5c1b77d05a12798f8032050aa75f3c8 and fixed in 5.10.127 with commit 7b564e3254b7db5fbfbf11a824627a6c31b932b4 |
| Issue introduced in 5.15.42 with commit 94bf8bfb009fad247d02f12e4c443411c8445412 and fixed in 5.15.51 with commit 2b2bba96526f25f2eba74ecadb031de2e05a83ce |
| Issue introduced in 5.18 with commit 2aeb8c86d49967552394d5e723f87454cb53f501 and fixed in 5.18.8 with commit 7844ceada44eca740d31beb3d97b8511b1ca0a9b |
| Issue introduced in 5.18 with commit 2aeb8c86d49967552394d5e723f87454cb53f501 and fixed in 5.19 with commit cb78d1b5efffe4cf97e16766329dd7358aed3deb |
| Issue introduced in 5.17.10 with commit 9e655a8b874d7c56e02938ddb221b16e293793df |
| |
| Please see https://www.kernel.org for a full list of currently supported |
| kernel versions by the kernel community. |
| |
| Unaffected versions might change over time as fixes are backported to |
| older supported kernel versions. The official CVE entry at |
| https://cve.org/CVERecord/?id=CVE-2022-49688 |
| will be updated if fixes are backported, please check that for the most |
| up to date information about this issue. |
| |
| |
| Affected files |
| ============== |
| |
| The file(s) affected by this issue are: |
| fs/afs/inode.c |
| |
| |
| Mitigation |
| ========== |
| |
| The Linux kernel CVE team recommends that you update to the latest |
| stable kernel version for this, and many other bugfixes. Individual |
| changes are never tested alone, but rather are part of a larger kernel |
| release. Cherry-picking individual commits is not recommended or |
| supported by the Linux kernel community at all. If however, updating to |
| the latest release is impossible, the individual changes to resolve this |
| issue can be found at these commits: |
| https://git.kernel.org/stable/c/65c24caf1b9f5b08397c6e805ec24ebc390c6e4d |
| https://git.kernel.org/stable/c/e3a232e5767051483ffad4cef7d0a89d292a192b |
| https://git.kernel.org/stable/c/7b564e3254b7db5fbfbf11a824627a6c31b932b4 |
| https://git.kernel.org/stable/c/2b2bba96526f25f2eba74ecadb031de2e05a83ce |
| https://git.kernel.org/stable/c/7844ceada44eca740d31beb3d97b8511b1ca0a9b |
| https://git.kernel.org/stable/c/cb78d1b5efffe4cf97e16766329dd7358aed3deb |
