What is the severity of CVE-2022-49928?

CVE-2022-49928 is classified as a medium-severity vulnerability affecting the Linux kernel.

How do I fix CVE-2022-49928?

To fix CVE-2022-49928, update to the latest version of the Linux kernel where the vulnerability has been patched.

What type of vulnerability is CVE-2022-49928?

CVE-2022-49928 is a null pointer dereference vulnerability in the Linux kernel.

What versions of Linux are affected by CVE-2022-49928?

CVE-2022-49928 affects multiple versions of the Linux kernel, particularly those prior to the patch release.

Can CVE-2022-49928 be exploited remotely?

CVE-2022-49928 may allow local attackers to exploit the vulnerability, but it is not characterized as a remote exploitation vulnerability.

Vulnerability/
CVE-2022-49928

1/5/2025

CVE-2022-49928: SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed

First published: Thu May 01 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed There is a null-ptr-deref when xps sysfs alloc failed: BUG: KASAN: null-ptr-deref in sysfs_do_create_link_sd+0x40/0xd0 Read of size 8 at addr 0000000000000030 by task gssproxy/457 CPU: 5 PID: 457 Comm: gssproxy Not tainted 6.0.0-09040-g02357b27ee03 #9 Call Trace: <TASK> dump_stack_lvl+0x34/0x44 kasan_report+0xa3/0x120 sysfs_do_create_link_sd+0x40/0xd0 rpc_sysfs_client_setup+0x161/0x1b0 rpc_new_client+0x3fc/0x6e0 rpc_create_xprt+0x71/0x220 rpc_create+0x1d4/0x350 gssp_rpc_create+0xc3/0x160 set_gssp_clnt+0xbc/0x140 write_gssp+0x116/0x1a0 proc_reg_write+0xd6/0x130 vfs_write+0x177/0x690 ksys_write+0xb9/0x150 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 When the xprt_switch sysfs alloc failed, should not add xprt and switch sysfs to it, otherwise, maybe null-ptr-deref; also initialize the 'xps_sysfs' to NULL to avoid oops when destroy it.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-49928?
CVE-2022-49928 is classified as a medium-severity vulnerability affecting the Linux kernel.
How do I fix CVE-2022-49928?
To fix CVE-2022-49928, update to the latest version of the Linux kernel where the vulnerability has been patched.
What type of vulnerability is CVE-2022-49928?
CVE-2022-49928 is a null pointer dereference vulnerability in the Linux kernel.
What versions of Linux are affected by CVE-2022-49928?
CVE-2022-49928 affects multiple versions of the Linux kernel, particularly those prior to the patch release.
Can CVE-2022-49928 be exploited remotely?
CVE-2022-49928 may allow local attackers to exploit the vulnerability, but it is not characterized as a remote exploitation vulnerability.

collector/mitre-cve
source/MITRE
agent/title
agent/references
agent/type
agent/first-publish-date
agent/description
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-api
source/NVD
agent/last-modified-date
agent/author
agent/source
agent/tags
agent/event
vendor/linux
canonical/linux kernel

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.