CVE-2022-50455 — Vulnetix

CVE-2022-50455 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: nfs: fix possible null-ptr-deref when parsing param According to commit "vfs: parse: deal with zero length string value", kernel will set the param->string to null pointer in vfs_parse_fs_string() if fs string has zero length. Yet the problem is that, nfs_fs_context_parse_param() will dereferences the param->string, without checking whether it is a null pointer, which may trigger a null-ptr-deref bug. This patch solves it by adding sanity check on param->string in nfs_fs_context_parse_param().

EPSS 0.03% · 5.5th percentile

Risk Scores

EPSS Score

0.03%

5.5th percentile

Timeline

Oct 1, 2025 EPSS Score
Oct 2, 2025 EPSS Score
Oct 3, 2025 EPSS Score
Oct 4, 2025 EPSS Score
Oct 5, 2025 EPSS Score
Oct 6, 2025 EPSS Score
Oct 7, 2025 EPSS Score
Oct 8, 2025 EPSS Score
Oct 9, 2025 EPSS Score
Oct 10, 2025 EPSS Score
Oct 10, 2025 CVE Rejected
Oct 10, 2025 CVE Updated

References

https://nvd.nist.gov/vuln/detail/CVE-2022-50455 advisory
https://git.kernel.org/stable/c/46819f604557fe7bc39a6c352fd368371aa9cd6e url
https://git.kernel.org/stable/c/55513864b418c6453d68aebc36cffcf965342426 url
https://git.kernel.org/stable/c/5559405df652008e56eee88872126fe4c451da67 url

Open in Interactive Console →