ACK: [SRU][J][PATCH 0/3] SUNRPC: System wide grep leads to NULL pointer deference in sysfs reads
Gabriela Bittencourt
gabriela.bittencourt at canonical.com
Fri May 8 08:18:25 UTC 2026
On 5/4/26 01:10, Matthew Ruffell wrote:
> BugLink: https://bugs.launchpad.net/bugs/2149767
>
> [Impact]
>
> An unprivileged user doing a simple system wide grep can cause a NULL pointer
> dereference and oops in the SUNRPC subsystem, leading to a local Denial Of
> Service.
<snip>
> [Other info]
>
> This is known as CVE-2022-48816.
>
> https://ubuntu.com/security/CVE-2022-48816
> https://nvd.nist.gov/vuln/detail/cve-2022-48816
>
> Anna Schumaker (1):
> SUNRPC: Check if the xprt is connected before handling sysfs reads
>
> NeilBrown (1):
> SUNRPC: lock against ->sock changing during sysfs read
>
> Trond Myklebust (1):
> SUNRPC: Do not dereference non-socket transports in sysfs
>
> include/linux/sunrpc/xprt.h | 3 ++
> include/linux/sunrpc/xprtsock.h | 1 -
> net/sunrpc/sysfs.c | 62 ++++++++++++++++++---------------
> net/sunrpc/xprtsock.c | 33 ++++++++++++++++--
> 4 files changed, 67 insertions(+), 32 deletions(-)
>
Acked-by: Gabriela Bittencourt <gabriela.bittencourt at canonical.com>
More information about the kernel-team
mailing list