CVE-2022-49928: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed

There is a null-ptr-deref when xps sysfs alloc failed:

  BUG: KASAN: null-ptr-deref in sysfs_do_create_link_sd+0x40/0xd0
  Read of size 8 at addr 0000000000000030 by task gssproxy/457

  CPU: 5 PID: 457 Comm: gssproxy Not tainted 6.0.0-09040-g02357b27ee03 #9
  Call Trace:
   <TASK>
   dump_stack_lvl+0x34/0x44
   kasan_report+0xa3/0x120
   sysfs_do_create_link_sd+0x40/0xd0
   rpc_sysfs_client_setup+0x161/0x1b0
   rpc_new_client+0x3fc/0x6e0
   rpc_create_xprt+0x71/0x220
   rpc_create+0x1d4/0x350
   gssp_rpc_create+0xc3/0x160
   set_gssp_clnt+0xbc/0x140
   write_gssp+0x116/0x1a0
   proc_reg_write+0xd6/0x130
   vfs_write+0x177/0x690
   ksys_write+0xb9/0x150
   do_syscall_64+0x35/0x80
   entry_SYSCALL_64_after_hwframe+0x46/0xb0

When the xprt_switch sysfs alloc failed, should not add xprt and switch sysfs to it, otherwise, maybe null-ptr-deref; also initialize the 'xps_sysfs' to NULL to avoid oops when destroy it.
AI Analysis
Technical Summary
CVE-2022-49928 is a null pointer dereference (null-ptr-deref) in the SUNRPC subsystem of the Linux kernel, triggered when the xps sysfs allocation fails. The fault arises while sysfs links for transport (xprt) switches are created during RPC client setup. When the allocation of the xprt_switch sysfs entry fails, the kernel code still attempts to add the xprt and switch sysfs entries without verifying that the allocation succeeded, and dereferences a NULL pointer. The result is a kernel oops or crash; the KASAN (Kernel Address Sanitizer) report shows a read of size 8 at address 0x30, that is, a small offset from a NULL base. The faulting read occurs in sysfs_do_create_link_sd, reached through rpc_new_client and rpc_sysfs_client_setup, in the context of the gssproxy task. The root cause is missing error handling for the failed allocation, together with xps_sysfs not being initialized to NULL; the fix skips adding the xprt and switch sysfs entries when the allocation failed and initializes xps_sysfs to NULL so that destroying it does not oops. This vulnerability can lead to denial of service (DoS) by crashing the kernel or causing instability. The affected versions are specific Linux kernel commits identified by their hashes, and the vulnerability was published on May 1, 2025. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
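The failure path described above, as an added example: a user-space C model written for this page, not code from the Linux kernel. All struct and function names (kobj, create_link, client_setup_unchecked, client_setup_checked and the rest) are hypothetical stand-ins, and the kobj field layout is an assumption chosen so that, on a 64-bit build, the modelled read lands at 0x30, the address in the KASAN report.

```c
/* Added example: user-space model of the bug pattern, not kernel source.
 * Struct layouts and function names are hypothetical stand-ins. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
struct kobj { const char *name; void *entry[2], *parent, *kset, *ktype, *sd; };
struct xps_sysfs { struct kobj kobject; };
struct xprt_switch { struct xps_sysfs *xps_sysfs; };
enum { LINK_OK = 0, LINK_SKIPPED = 1, LINK_FAULT = -1 };
static uintptr_t last_fault_addr;  /* address of the modelled bad read */

/* Stand-in for the link helper, which reads target->sd. A read that would
 * land in the NULL page is recorded instead of crashing the process. */
static int create_link(uintptr_t target) {
    uintptr_t addr = target + offsetof(struct kobj, sd);
    if (addr < 4096) { last_fault_addr = addr; return LINK_FAULT; }
    (void)((const struct kobj *)target)->sd;  /* the read itself */
    return LINK_OK;
}

/* Switch setup: a non-zero 'fail' simulates the failed sysfs allocation. */
static void switch_setup(struct xprt_switch *xps, int fail) {
    xps->xps_sysfs = fail ? NULL : calloc(1, sizeof(struct xps_sysfs));
}

/* Pre-fix pattern: link to the switch entry without checking it exists. */
static int client_setup_unchecked(const struct xprt_switch *xps) {
    uintptr_t base = (uintptr_t)xps->xps_sysfs;
    return create_link(base + offsetof(struct xps_sysfs, kobject));
}

/* Fixed pattern: no switch entry means there is nothing to link to. */
static int client_setup_checked(const struct xprt_switch *xps) {
    return xps->xps_sysfs ? client_setup_unchecked(xps) : LINK_SKIPPED;
}

/* Teardown is safe only when xps_sysfs is NULL or a live allocation. */
static void switch_destroy(struct xprt_switch *xps) {
    free(xps->xps_sysfs);
    xps->xps_sysfs = NULL;
}

int main(void) {
    struct xprt_switch xps;
    switch_setup(&xps, 1);  /* allocation fails */
    int bad = client_setup_unchecked(&xps), good = client_setup_checked(&xps);
    switch_destroy(&xps);
    return !(bad == LINK_FAULT && good == LINK_SKIPPED);
}
```

The model records the faulting address instead of crashing, so the unchecked and checked paths can be compared in one run.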
Potential Impact
For European organizations, this vulnerability poses a risk primarily in environments running affected Linux kernel versions, especially those utilizing SUNRPC services such as NFS or other RPC-based services. A successful exploitation could cause kernel crashes leading to denial of service, impacting availability of critical systems including servers, network appliances, and infrastructure components. This could disrupt business operations, particularly in sectors relying heavily on Linux-based infrastructure such as finance, telecommunications, government, and cloud service providers. Although no remote code execution or privilege escalation is indicated, the DoS impact could be leveraged as part of a broader attack chain or to cause operational disruption. The lack of known exploits reduces immediate risk, but the vulnerability’s presence in kernel-level code means that any exploitation would have system-wide effects. European organizations with large-scale Linux deployments or those using RPC heavily should prioritize patching to maintain service continuity and system stability.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address CVE-2022-49928 as soon as they are available and tested in your environment. Since the vulnerability is in the kernel, updating to a fixed kernel version is the most effective mitigation.
2. For environments where immediate patching is not feasible, consider disabling or restricting SUNRPC services if they are not essential, to reduce the attack surface.
3. Implement kernel crash monitoring and alerting to detect and respond quickly to any kernel oops or crashes potentially related to this vulnerability.
4. Conduct thorough testing of kernel updates in staging environments to ensure compatibility and stability before production deployment.
5. Maintain strict access controls and monitoring on systems running RPC services to detect abnormal usage patterns or attempts to trigger the vulnerability.
6. Engage with Linux distribution vendors for backported patches if using long-term support kernels or enterprise distributions.
7. Document and review system configurations to ensure sysfs and RPC subsystems are not exposed unnecessarily, limiting potential exploitation vectors.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-05-01T14:05:17.253Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982bc4522896dcbe408e
Added to database: 5/21/2025, 9:08:59 AM
Last enriched: 6/29/2025, 8:42:44 PM
Last updated: 7/31/2025, 12:47:21 PM