CVE-2022-49688 in Linux

Summary

by MITRE • 02/26/2025

In the Linux kernel, the following vulnerability has been resolved:

afs: Fix dynamic root getattr

The recent patch to make afs_getattr consult the server didn't account for the pseudo-inodes employed by the dynamic root-type afs superblock not having a volume or a server to access, and thus an oops occurs if such a directory is stat'd.

Fix this by checking to see if the vnode->volume pointer actually points anywhere before following it in afs_getattr().

This can be tested by stat'ing a directory in /afs. It may be sufficient just to do "ls /afs" and the oops looks something like:

BUG: kernel NULL pointer dereference, address: 0000000000000020
...
RIP: 0010:afs_getattr+0x8b/0x14b
...
Call Trace:
 vfs_statx+0x79/0xf5
 vfs_fstatat+0x49/0x62


Analysis

by VulDB Data Team • 10/24/2025

The vulnerability described in CVE-2022-49688 is a critical NULL pointer dereference in the Linux kernel's Andrew File System (AFS) implementation. It affects the dynamic root-type AFS superblock, whose pseudo-inodes carry no volume or server reference, so that retrieving file attributes for them can lead to a kernel memory access fault. The flaw manifests when afs_getattr reads vnode metadata without first checking that the required volume pointer exists, producing a kernel oops that compromises system stability and potentially provides an attack vector for privilege escalation.

The root cause is a missing pointer check in afs_getattr in the kernel's AFS subsystem. When a directory under /afs is stat'd, the function follows the vnode's volume pointer without first verifying that it is non-NULL. This code path is reached by ordinary operations such as "ls /afs", which call getattr to retrieve directory metadata. The vulnerability is classified as CWE-476 (NULL pointer dereference): a missing pointer validation that allows an attacker to crash the kernel through legitimate file system operations.

The operational impact goes beyond a single crash: the bug can be used to cause a denial of service that persists until the system is rebooted. The NULL pointer dereference reads address 0x0000000000000020 inside afs_getattr, indicating an access at a small offset from a NULL pointer while processing pseudo-inodes in the dynamic root superblock. Because it is reliably reproduced by basic file system operations, it is particularly dangerous in production environments where automated monitoring may not catch the resulting denial of service. The vulnerability undermines the kernel's ability to provide consistent file system metadata access and could potentially serve as a building block for more sophisticated attacks aimed at privilege escalation or information disclosure.

The fix validates the pointer before dereferencing it: afs_getattr now checks that vnode->volume is non-NULL before any access through it. This aligns with established defensive practice for kernel code and, by preventing unintended memory accesses, with the principle of least privilege. System administrators should prioritise applying the kernel patch, because the issue sits in core file system functionality and is triggered by normal user operations. The patch addresses the root cause by adding the validation check that stops the kernel from touching an invalid address when processing pseudo-inodes in dynamic root AFS superblocks, restoring stability and closing off the potential for more serious exploitation. The case illustrates the importance of pointer validation in kernel-space code and how seemingly benign file system operations can expose fundamental system-stability issues.

Responsible

Linux

Reservation

02/26/2025

Disclosure

02/26/2025

Moderation

accepted

CPE

ready

EPSS

0.00283

KEV

no

Activities

very low
