CVE-2022-49688

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
26/02/2025
Last modified:
24/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

afs: Fix dynamic root getattr

The recent patch to make afs_getattr consult the server didn't account
for the pseudo-inodes employed by the dynamic root-type afs superblock
not having a volume or a server to access, and thus an oops occurs if
such a directory is stat'd.

Fix this by checking to see if the vnode->volume pointer actually points
anywhere before following it in afs_getattr().

This can be tested by stat'ing a directory in /afs. It may be
sufficient just to do "ls /afs" and the oops looks something like:

    BUG: kernel NULL pointer dereference, address: 0000000000000020
    ...
    RIP: 0010:afs_getattr+0x8b/0x14b
    ...
    Call Trace:

    vfs_statx+0x79/0xf5
    vfs_fstatat+0x49/0x62
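The missing check described above, as an added user-space model that is not the kernel's code or the upstream patch: an unchecked getattr that follows `vnode->volume` beside a checked one that tests the pointer first. The struct names, the `cell` member and its layout are assumptions; the 0x20 padding is constructed only to mirror the fault address in the oops and is not taken from the real `struct afs_volume`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins, not the kernel's structures. The padding places
 * `cell` at offset 0x20 only to mirror the fault address in the oops. */
struct cell { int id; };
struct volume {
    uint8_t pad[0x20];
    struct cell *cell;          /* offset 0x20 in this model */
};
struct vnode {
    struct volume *volume;      /* NULL for dynamic-root pseudo-inodes */
    uint64_t size;
};
struct stat_model { uint64_t size; int consulted_server; };

/* Address that a load of volume->cell touches: base plus member offset.
 * With a NULL base the result is the offset itself, a small non-zero address. */
uintptr_t fault_address(const struct volume *v)
{
    return (uintptr_t)v + offsetof(struct volume, cell);
}

/* "Before": follows vnode->volume unconditionally. */
int getattr_unchecked(const struct vnode *vn, struct stat_model *st)
{
    st->consulted_server = (vn->volume->cell != NULL); /* faults on NULL volume */
    st->size = vn->size;
    return 0;
}

/* "After": only consult the server when the vnode has a volume. */
int getattr_checked(const struct vnode *vn, struct stat_model *st)
{
    st->consulted_server = vn->volume && vn->volume->cell != NULL;
    st->size = vn->size;
    return 0;
}

int main(void)
{
    struct vnode pseudo = { NULL, 0 };   /* constructed /afs pseudo-inode */
    struct stat_model st;
    int rc = getattr_checked(&pseudo, &st);
    printf("rc=%d consulted_server=%d fault_addr_if_unchecked=%#lx\n",
           rc, st.consulted_server, (unsigned long)fault_address(NULL));
    return 0;
}
```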

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.19.245 (including) 4.19.250 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.4.196 (including) 5.4.202 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.10.118 (including) 5.10.127 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.15.42 (including) 5.15.51 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.17.10 (including) 5.18 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.18.1 (including) 5.18.8 (excluding)
cpe:2.3:o:linux:linux_kernel:5.18:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:*