CVE-2022-49688

5.5 MEDIUM

📋 TL;DR

A NULL pointer dereference vulnerability in the Linux kernel's AFS (Andrew File System) client allows local attackers to cause a kernel panic (denial of service) by stat'ing directories in /afs. This affects Linux systems using the AFS filesystem with dynamic root-type superblocks.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions with AFS support before fixes were applied (specific commit ranges vary by stable branch)
Operating Systems: Linux distributions with AFS filesystem support
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when AFS filesystem is mounted with dynamic root-type superblocks. Most systems don't use AFS by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local unprivileged user triggers kernel panic, causing system crash and denial of service.

🟠 Likely Case: Accidental or malicious local user crashes system by accessing /afs directories, requiring reboot.

🟢 If Mitigated: No impact if AFS filesystem is not mounted or system is patched.

🌐 Internet-Facing: LOW - Requires local access to trigger, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local users (including compromised accounts) can cause system crashes.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Simple local trigger via 'stat' or 'ls' commands on /afs directories. No privilege escalation or code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 2b2bba96526f, 65c24caf1b9f, 7844ceada44e, 7b564e3254b7, cb78d1b5efff

Vendor Advisory: https://git.kernel.org/stable/c/2b2bba96526f25f2eba74ecadb031de2e05a83ce

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix.
2. Check distribution security advisories.
3. Reboot system after kernel update.

🔧 Temporary Workarounds

Unmount AFS filesystem

Remove AFS mounts to prevent exploitation:

umount /afs
# then comment out the AFS entries in /etc/fstab

Restrict access to /afs

Prevent users from accessing vulnerable directories:

chmod 000 /afs
setfacl -m u::---,g::---,o::--- /afs

🧯 If You Can't Patch

  • Unmount AFS filesystem if not required
  • Implement strict access controls to prevent local users from accessing /afs directories

🔍 How to Verify

Check if Vulnerable:

Check whether AFS is mounted with 'mount | grep afs'. Testing with 'stat /afs' or 'ls /afs' may crash a vulnerable system.

Check Version:

uname -r

Verify Fix Applied:

Confirm that the running kernel contains the fix commits: compare the output of 'uname -r' against the distribution's patch notes.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • NULL pointer dereference in kernel logs
  • System crash/reboot events

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND "NULL pointer dereference" AND "afs_getattr"
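
The exposure check and the log indicator above, as an added example that is not part of the original advisory: it identifies AFS dynamic-root mounts from the mount table without touching /afs, and correlates the two log strings across the lines of one oops report, since they normally appear on separate lines. It assumes the dynamic root shows up as the `dyn` mount option; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only checks; neither function stats or lists /afs.

# Print mount points of AFS dynamic-root mounts from a /proc/mounts-format file.
# Assumption: kAFS shows the dynamic root as the "dyn" mount option.
afs_dynroot_mounts() {
    awk '$3 == "afs" {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) if (opt[i] == "dyn") { print $2; break }
    }' "${1:-/proc/mounts}"
}

# Count kernel oops reports in which "NULL pointer dereference" is followed,
# within the next 40 lines, by a frame in afs_getattr. The two strings sit on
# different lines of an oops, so a single-line AND match would miss them.
afs_getattr_oops_count() {
    awk '/NULL pointer dereference/ { window = 40; next }
         window > 0 { window--; if (/afs_getattr/) { hits++; window = 0 } }
         END { print hits + 0 }' "$1"
}

# Constructed sample data (not captured from a real system).
sample_mounts='proc /proc proc rw,nosuid 0 0
none /afs afs rw,relatime,dyn,autocell 0 0
/dev/sda1 / ext4 rw,relatime 0 0'

sample_log='kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
kernel: CPU: 1 PID: 4242 Comm: stat
kernel: RIP: 0010:afs_getattr+0x0/0x0
kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
kernel: RIP: 0010:some_other_function+0x0/0x0'

demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' "$sample_mounts" > "$tmp/mounts"
    printf '%s\n' "$sample_log" > "$tmp/kern.log"
    echo "dynamic-root AFS mounts: $(afs_dynroot_mounts "$tmp/mounts")"
    echo "afs_getattr oops reports: $(afs_getattr_oops_count "$tmp/kern.log")"
    rm -rf "$tmp"
}
demo
```

On a live host, call `afs_dynroot_mounts` with no argument to read /proc/mounts, and pass a saved kernel log (for example the output of `journalctl -k`) to `afs_getattr_oops_count`.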
