CVE-2022-49928

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fixed version

Description A null pointer dereference issue has been identified in the Linux kernel's SUNRPC component. This issue occurs when the allocation of sysfs for xps fails, potentially leading to a null pointer dereference. The problem arises in the sysfs do create link sd function and is related to the rpc sysfs client setup and rpc new client functions. The estimated number of potentially affected devices is not provided.

Recommendations For Linux kernel versions prior to the fixed version, initialize the 'xps sysfs' to NULL to avoid errors when destroying it. When the xprt switch sysfs allocation fails, do not add xprt and switch sysfs to it to prevent potential null pointer dereferences. As a temporary workaround, consider disabling the sysfs do create link sd function until a patch is available. Restrict access to the vulnerable rpc sysfs client setup and rpc new client functions to minimize the risk of exploitation.