| From bippy-1.1.0 Mon Sep 17 00:00:00 2001 |
| From: Greg Kroah-Hartman <gregkh@kernel.org> |
| To: <linux-cve-announce@vger.kernel.org> |
| Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> |
| Subject: CVE-2022-49928: SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed |
| |
| Description |
| =========== |
| |
| In the Linux kernel, the following vulnerability has been resolved: |
| |
| SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed |
| |
| There is a null-ptr-deref when xps sysfs alloc failed: |
| BUG: KASAN: null-ptr-deref in sysfs_do_create_link_sd+0x40/0xd0 |
| Read of size 8 at addr 0000000000000030 by task gssproxy/457 |
| |
| CPU: 5 PID: 457 Comm: gssproxy Not tainted 6.0.0-09040-g02357b27ee03 #9 |
| Call Trace: |
| <TASK> |
| dump_stack_lvl+0x34/0x44 |
| kasan_report+0xa3/0x120 |
| sysfs_do_create_link_sd+0x40/0xd0 |
| rpc_sysfs_client_setup+0x161/0x1b0 |
| rpc_new_client+0x3fc/0x6e0 |
| rpc_create_xprt+0x71/0x220 |
| rpc_create+0x1d4/0x350 |
| gssp_rpc_create+0xc3/0x160 |
| set_gssp_clnt+0xbc/0x140 |
| write_gssp+0x116/0x1a0 |
| proc_reg_write+0xd6/0x130 |
| vfs_write+0x177/0x690 |
| ksys_write+0xb9/0x150 |
| do_syscall_64+0x35/0x80 |
| entry_SYSCALL_64_after_hwframe+0x46/0xb0 |
| |
| When the xprt_switch sysfs alloc failed, should not add xprt and |
| switch sysfs to it, otherwise, maybe null-ptr-deref; also initialize |
| the 'xps_sysfs' to NULL to avoid oops when destroy it. |
| |
| The Linux kernel CVE team has assigned CVE-2022-49928 to this issue. |
| |
| |
| Affected and fixed versions |
| =========================== |
| |
| Issue introduced in 5.14 with commit baea99445dd4675a834e8a5987d2f368adb62e6c and fixed in 5.15.78 with commit d59722d088a9d86ce6d9d39979e5d1d669d249f7 |
| Issue introduced in 5.14 with commit baea99445dd4675a834e8a5987d2f368adb62e6c and fixed in 6.0.8 with commit 7b189b0aa8dab14b49c31c65af8a982e96e25b62 |
| Issue introduced in 5.14 with commit baea99445dd4675a834e8a5987d2f368adb62e6c and fixed in 6.1 with commit cbdeaee94a415800c65a8c3fa04d9664a8b8fb3a |
| |
| Please see https://www.kernel.org for a full list of currently supported |
| kernel versions by the kernel community. |
| |
| Unaffected versions might change over time as fixes are backported to |
| older supported kernel versions. The official CVE entry at |
| https://cve.org/CVERecord/?id=CVE-2022-49928 |
| will be updated if fixes are backported, please check that for the most |
| up to date information about this issue. |
| |
| |
| Affected files |
| ============== |
| |
| The file(s) affected by this issue are: |
| net/sunrpc/sysfs.c |
| |
| |
| Mitigation |
| ========== |
| |
| The Linux kernel CVE team recommends that you update to the latest |
| stable kernel version for this, and many other bugfixes. Individual |
| changes are never tested alone, but rather are part of a larger kernel |
| release. Cherry-picking individual commits is not recommended or |
| supported by the Linux kernel community at all. If however, updating to |
| the latest release is impossible, the individual changes to resolve this |
| issue can be found at these commits: |
| https://git.kernel.org/stable/c/d59722d088a9d86ce6d9d39979e5d1d669d249f7 |
| https://git.kernel.org/stable/c/7b189b0aa8dab14b49c31c65af8a982e96e25b62 |
| https://git.kernel.org/stable/c/cbdeaee94a415800c65a8c3fa04d9664a8b8fb3a |
