CVE-2022-50455

01.10.2025, 12:15

In the Linux kernel, the following vulnerability has been resolved:

nfs: fix possible null-ptr-deref when parsing param

According to commit "vfs: parse: deal with zero length string value",
kernel will set the param->string to null pointer in vfs_parse_fs_string()
if fs string has zero length.

Yet the problem is that, nfs_fs_context_parse_param() will dereferences the
param->string, without checking whether it is a null pointer, which may
trigger a null-ptr-deref bug.

This patch solves it by adding sanity check on param->string
in nfs_fs_context_parse_param().

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 3%

Debian Releases

Debian Product

Codename

linux

bullseye	vulnerable
bullseye (security)	vulnerable
bookworm	6.1.148-1 fixed
bookworm (security)	6.1.153-1 fixed
trixie	6.12.43-1 fixed
trixie (security)	6.12.48-1 fixed
forky	6.16.8-1 fixed
sid	6.16.9-1 fixed

References

https://git.kernel.org/stable/c/46819f604557fe7bc39a6c352fd368371aa9cd6e

https://git.kernel.org/stable/c/55513864b418c6453d68aebc36cffcf965342426

https://git.kernel.org/stable/c/5559405df652008e56eee88872126fe4c451da67