cve-2022-49810
Vulnerability from cvelistv5
Published: 2025-05-01 14:09
Modified: 2025-05-01 14:09
Summary
netfs: Fix missing xas_retry() calls in xarray iteration
Impacted products
Vendor: Linux, Product: Linux
Vendor: Linux, Product: Linux


{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/netfs/buffered_read.c",
            "fs/netfs/io.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b2cc07a76f1eb12de3b22caf5fdbf856a7bef16d",
              "status": "affected",
              "version": "3d3c95046742e4eebaa4b891b0b01cbbed94ebbd",
              "versionType": "git"
            },
            {
              "lessThan": "7e043a80b5dae5c2d2cf84031501de7827fd6c00",
              "status": "affected",
              "version": "3d3c95046742e4eebaa4b891b0b01cbbed94ebbd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/netfs/buffered_read.c",
            "fs/netfs/io.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix missing xas_retry() calls in xarray iteration\n\nnetfslib has a number of places in which it performs iteration of an xarray\nwhilst being under the RCU read lock.  It *should* call xas_retry() as the\nfirst thing inside of the loop and do \"continue\" if it returns true in case\nthe xarray walker passed out a special value indicating that the walk needs\nto be redone from the root[*].\n\nFix this by adding the missing retry checks.\n\n[*] I wonder if this should be done inside xas_find(), xas_next_node() and\n    suchlike, but I\u0027m told that\u0027s not an simple change to effect.\n\nThis can cause an oops like that below.  Note the faulting address - this\nis an internal value (|0x2) returned from xarray.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000402\n...\nRIP: 0010:netfs_rreq_unlock+0xef/0x380 [netfs]\n...\nCall Trace:\n netfs_rreq_assess+0xa6/0x240 [netfs]\n netfs_readpage+0x173/0x3b0 [netfs]\n ? init_wait_var_entry+0x50/0x50\n filemap_read_page+0x33/0xf0\n filemap_get_pages+0x2f2/0x3f0\n filemap_read+0xaa/0x320\n ? do_filp_open+0xb2/0x150\n ? rmqueue+0x3be/0xe10\n ceph_read_iter+0x1fe/0x680 [ceph]\n ? new_sync_read+0x115/0x1a0\n new_sync_read+0x115/0x1a0\n vfs_read+0xf3/0x180\n ksys_read+0x5f/0xe0\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nChanges:\n========\nver #2)\n - Changed an unsigned int to a size_t to reduce the likelihood of an\n   overflow as per Willy\u0027s suggestion.\n - Added an additional patch to fix the maths."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-01T14:09:35.470Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b2cc07a76f1eb12de3b22caf5fdbf856a7bef16d"
        },
        {
          "url": "https://git.kernel.org/stable/c/7e043a80b5dae5c2d2cf84031501de7827fd6c00"
        }
      ],
      "title": "netfs: Fix missing xas_retry() calls in xarray iteration",
      "x_generator": {
        "engine": "bippy-1.1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-49810",
    "datePublished": "2025-05-01T14:09:35.470Z",
    "dateReserved": "2025-05-01T14:05:17.226Z",
    "dateUpdated": "2025-05-01T14:09:35.470Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-49810\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-05-01T15:16:04.347\",\"lastModified\":\"2025-05-01T15:16:04.347\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnetfs: Fix missing xas_retry() calls in xarray iteration\\n\\nnetfslib has a number of places in which it performs iteration of an xarray\\nwhilst being under the RCU read lock.  It *should* call xas_retry() as the\\nfirst thing inside of the loop and do \\\"continue\\\" if it returns true in case\\nthe xarray walker passed out a special value indicating that the walk needs\\nto be redone from the root[*].\\n\\nFix this by adding the missing retry checks.\\n\\n[*] I wonder if this should be done inside xas_find(), xas_next_node() and\\n    suchlike, but I\u0027m told that\u0027s not an simple change to effect.\\n\\nThis can cause an oops like that below.  Note the faulting address - this\\nis an internal value (|0x2) returned from xarray.\\n\\nBUG: kernel NULL pointer dereference, address: 0000000000000402\\n...\\nRIP: 0010:netfs_rreq_unlock+0xef/0x380 [netfs]\\n...\\nCall Trace:\\n netfs_rreq_assess+0xa6/0x240 [netfs]\\n netfs_readpage+0x173/0x3b0 [netfs]\\n ? init_wait_var_entry+0x50/0x50\\n filemap_read_page+0x33/0xf0\\n filemap_get_pages+0x2f2/0x3f0\\n filemap_read+0xaa/0x320\\n ? do_filp_open+0xb2/0x150\\n ? rmqueue+0x3be/0xe10\\n ceph_read_iter+0x1fe/0x680 [ceph]\\n ? new_sync_read+0x115/0x1a0\\n new_sync_read+0x115/0x1a0\\n vfs_read+0xf3/0x180\\n ksys_read+0x5f/0xe0\\n do_syscall_64+0x38/0x90\\n entry_SYSCALL_64_after_hwframe+0x44/0xae\\n\\nChanges:\\n========\\nver #2)\\n - Changed an unsigned int to a size_t to reduce the likelihood of an\\n   overflow as per Willy\u0027s suggestion.\\n - Added an additional patch to fix the maths.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/7e043a80b5dae5c2d2cf84031501de7827fd6c00\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b2cc07a76f1eb12de3b22caf5fdbf856a7bef16d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

