CVE-2022-50455 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: nfs: fix possible null-ptr-deref when parsing param According to commit "vfs: parse: deal with zero length string value", kernel will set the param->string to null pointer in vfs_parse_fs_string() if fs string has zero length. Yet the problem is that, nfs_fs_context_parse_param() will dereferences the param->string, without checking whether it is a null pointer, which may trigger a null-ptr-deref bug. This patch solves it by adding sanity check on param->string in nfs_fs_context_parse_param().

PUBLISHED Reserved 2025-10-01 | Published 2025-10-01 | Updated 2025-10-01 | Assigner Linux

Product status

Default status

unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 46819f604557fe7bc39a6c352fd368371aa9cd6e

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 55513864b418c6453d68aebc36cffcf965342426

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 5559405df652008e56eee88872126fe4c451da67

affected

Default status

affected

6.0.16

unaffected

6.1.2

unaffected

6.2

unaffected

References

git.kernel.org/...c/46819f604557fe7bc39a6c352fd368371aa9cd6e

git.kernel.org/...c/55513864b418c6453d68aebc36cffcf965342426

git.kernel.org/...c/5559405df652008e56eee88872126fe4c451da67

cve.org (CVE-2022-50455)

nvd.nist.gov (CVE-2022-50455)

Download JSON