CVE-2022-49810: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix missing xas_retry() calls in xarray iteration netfslib has a number of places in which it performs iteration of an xarray whilst being under the RCU read lock. It *should* call xas_retry() as the first thing inside of the loop and do "continue" if it returns true in case the xarray walker passed out a special value indicating that the walk needs to be redone from the root[*]. Fix this by adding the missing retry checks. [*] I wonder if this should be done inside xas_find(), xas_next_node() and suchlike, but I'm told that's not an simple change to effect. This can cause an oops like that below. Note the faulting address - this is an internal value (|0x2) returned from xarray. BUG: kernel NULL pointer dereference, address: 0000000000000402 ... RIP: 0010:netfs_rreq_unlock+0xef/0x380 [netfs] ... Call Trace: netfs_rreq_assess+0xa6/0x240 [netfs] netfs_readpage+0x173/0x3b0 [netfs] ? init_wait_var_entry+0x50/0x50 filemap_read_page+0x33/0xf0 filemap_get_pages+0x2f2/0x3f0 filemap_read+0xaa/0x320 ? do_filp_open+0xb2/0x150 ? rmqueue+0x3be/0xe10 ceph_read_iter+0x1fe/0x680 [ceph] ? new_sync_read+0x115/0x1a0 new_sync_read+0x115/0x1a0 vfs_read+0xf3/0x180 ksys_read+0x5f/0xe0 do_syscall_64+0x38/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae Changes: ======== ver #2) - Changed an unsigned int to a size_t to reduce the likelihood of an overflow as per Willy's suggestion. - Added an additional patch to fix the maths.
AI Analysis
Technical Summary
CVE-2022-49810 is a vulnerability identified in the Linux kernel's netfs subsystem, specifically related to the handling of xarray iterations under the RCU (Read-Copy-Update) read lock. The netfs library performs iterations over xarrays, which are data structures used for efficient storage and retrieval of indexed data. During these iterations, the code should invoke the xas_retry() function at the start of each loop iteration. This function checks if the xarray walker has returned a special value indicating that the iteration needs to be restarted from the root due to concurrent modifications. The vulnerability arises because these xas_retry() calls were missing in several places, leading to the possibility of dereferencing invalid pointers. This can cause a kernel oops, specifically a NULL pointer dereference, resulting in a crash of the kernel or a denial of service. The faulting address in the reported oops is an internal value returned from the xarray, which is not a valid memory address. The issue was addressed by adding the missing xas_retry() calls to ensure proper iteration and by changing an unsigned int to a size_t to reduce overflow risks. The vulnerability affects Linux kernel versions identified by the given commit hashes and is related to the netfs module, which is involved in network filesystem operations. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, this vulnerability poses a risk primarily in environments running Linux kernels with the affected netfs code, particularly those utilizing network filesystems that rely on netfs. The impact includes potential kernel crashes leading to denial of service conditions, which can disrupt critical services and applications. This is especially significant for data centers, cloud providers, and enterprises relying on Linux-based infrastructure for file sharing and network storage. While the vulnerability does not appear to allow privilege escalation or remote code execution directly, the resulting instability could be exploited in multi-tenant environments to degrade service availability. Organizations with high availability requirements or those operating critical infrastructure could face operational disruptions. Additionally, the lack of authentication or user interaction requirements means that local processes or potentially remote network filesystem clients could trigger the issue if they can induce the vulnerable code paths. Given the widespread use of Linux in European IT infrastructure, the vulnerability could have broad implications if left unpatched.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions that include the patch for CVE-2022-49810. Specifically, applying the kernel updates that add the missing xas_retry() calls in netfs and the related overflow fix is critical. For environments where immediate patching is not feasible, organizations should audit the use of network filesystems relying on netfs and consider restricting access to these services to trusted users and networks to reduce the risk of triggering the vulnerability. Monitoring kernel logs for oops or crash reports related to netfs can help detect exploitation attempts or instability. Additionally, implementing kernel crash dump analysis and automated recovery mechanisms can minimize downtime. Organizations should also review their incident response plans to handle potential denial of service events caused by kernel crashes. Finally, engaging with Linux distribution vendors for timely security updates and testing patches in staging environments before production deployment will ensure a smooth mitigation process.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
CVE-2022-49810: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix missing xas_retry() calls in xarray iteration netfslib has a number of places in which it performs iteration of an xarray whilst being under the RCU read lock. It *should* call xas_retry() as the first thing inside of the loop and do "continue" if it returns true in case the xarray walker passed out a special value indicating that the walk needs to be redone from the root[*]. Fix this by adding the missing retry checks. [*] I wonder if this should be done inside xas_find(), xas_next_node() and suchlike, but I'm told that's not an simple change to effect. This can cause an oops like that below. Note the faulting address - this is an internal value (|0x2) returned from xarray. BUG: kernel NULL pointer dereference, address: 0000000000000402 ... RIP: 0010:netfs_rreq_unlock+0xef/0x380 [netfs] ... Call Trace: netfs_rreq_assess+0xa6/0x240 [netfs] netfs_readpage+0x173/0x3b0 [netfs] ? init_wait_var_entry+0x50/0x50 filemap_read_page+0x33/0xf0 filemap_get_pages+0x2f2/0x3f0 filemap_read+0xaa/0x320 ? do_filp_open+0xb2/0x150 ? rmqueue+0x3be/0xe10 ceph_read_iter+0x1fe/0x680 [ceph] ? new_sync_read+0x115/0x1a0 new_sync_read+0x115/0x1a0 vfs_read+0xf3/0x180 ksys_read+0x5f/0xe0 do_syscall_64+0x38/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae Changes: ======== ver #2) - Changed an unsigned int to a size_t to reduce the likelihood of an overflow as per Willy's suggestion. - Added an additional patch to fix the maths.
AI-Powered Analysis
Technical Analysis
CVE-2022-49810 is a vulnerability identified in the Linux kernel's netfs subsystem, specifically related to the handling of xarray iterations under the RCU (Read-Copy-Update) read lock. The netfs library performs iterations over xarrays, which are data structures used for efficient storage and retrieval of indexed data. During these iterations, the code should invoke the xas_retry() function at the start of each loop iteration. This function checks if the xarray walker has returned a special value indicating that the iteration needs to be restarted from the root due to concurrent modifications. The vulnerability arises because these xas_retry() calls were missing in several places, leading to the possibility of dereferencing invalid pointers. This can cause a kernel oops, specifically a NULL pointer dereference, resulting in a crash of the kernel or a denial of service. The faulting address in the reported oops is an internal value returned from the xarray, which is not a valid memory address. The issue was addressed by adding the missing xas_retry() calls to ensure proper iteration and by changing an unsigned int to a size_t to reduce overflow risks. The vulnerability affects Linux kernel versions identified by the given commit hashes and is related to the netfs module, which is involved in network filesystem operations. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, this vulnerability poses a risk primarily in environments running Linux kernels with the affected netfs code, particularly those utilizing network filesystems that rely on netfs. The impact includes potential kernel crashes leading to denial of service conditions, which can disrupt critical services and applications. This is especially significant for data centers, cloud providers, and enterprises relying on Linux-based infrastructure for file sharing and network storage. While the vulnerability does not appear to allow privilege escalation or remote code execution directly, the resulting instability could be exploited in multi-tenant environments to degrade service availability. Organizations with high availability requirements or those operating critical infrastructure could face operational disruptions. Additionally, the lack of authentication or user interaction requirements means that local processes or potentially remote network filesystem clients could trigger the issue if they can induce the vulnerable code paths. Given the widespread use of Linux in European IT infrastructure, the vulnerability could have broad implications if left unpatched.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions that include the patch for CVE-2022-49810. Specifically, applying the kernel updates that add the missing xas_retry() calls in netfs and the related overflow fix is critical. For environments where immediate patching is not feasible, organizations should audit the use of network filesystems relying on netfs and consider restricting access to these services to trusted users and networks to reduce the risk of triggering the vulnerability. Monitoring kernel logs for oops or crash reports related to netfs can help detect exploitation attempts or instability. Additionally, implementing kernel crash dump analysis and automated recovery mechanisms can minimize downtime. Organizations should also review their incident response plans to handle potential denial of service events caused by kernel crashes. Finally, engaging with Linux distribution vendors for timely security updates and testing patches in staging environments before production deployment will ensure a smooth mitigation process.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2025-05-01T14:05:17.226Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982cc4522896dcbe4ca2
Added to database: 5/21/2025, 9:09:00 AM
Last enriched: 6/30/2025, 1:55:45 AM
Last updated: 7/30/2025, 5:32:36 PM
Views: 16
Related Threats
CVE-2025-8834: Cross Site Scripting in JCG Link-net LW-N915R
MediumCVE-2025-55159: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer in tokio-rs slab
MediumCVE-2025-55161: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF
HighCVE-2025-25235: CWE-918 Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway
HighCVE-2025-55151: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.