PT-2025-7993 · Linux+3 · Linux Kernel+3

Published

2022-04-06

Updated

2025-05-22

CVE-2022-49065

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.19

Description A NULL dereference crash occurs in the Linux kernel when an svc rqst is deferred while the sunrpc tracing subsystem is enabled. This happens because svc revisit() sets dr->xprt to NULL, which cannot be relied upon in the tracepoint to provide the remote's address. The issue is related to the svc deferred event trace class in the SUNRPC subsystem.

Recommendations For Linux kernel versions prior to 5.19, consider applying the fix that converts the dr::addr field into a presentation address in the TP fast assign() arm of the trace event, and store that as a string, as a temporary workaround until a patch is available.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2025-06038

CVE-2022-49065

OPENSUSE-SU-2025_1263-1

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1194-1

SUSE-SU-2025:1241-1

SUSE-SU-2025:1263-1

SUSE-SU-2025:1293-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

SUSE-SU-2025_1263-1

SUSE-SU-2025_1293-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2025-7993 · Linux+3 · Linux Kernel+3

CVE-2022-49065

Weakness Enumeration

Related Identifiers

Affected Products

References · 1502