CVE-2022-50455
nfs: fix possible null-ptr-deref when parsing param
Description
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
INFO
Published Date :
Oct. 1, 2025, 12:15 p.m.
Last Modified :
Oct. 10, 2025, 4:15 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Solution
- Apply the kernel patch addressing the null-ptr-deref in NFS.
- Ensure param->string is checked before dereferencing.
- Update the Linux kernel to the latest secure version.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2022-50455 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2022-50455 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Rejected by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Oct. 10, 2025
Action Type Old Value New Value -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Oct. 10, 2025
Action Type Old Value New Value Changed Description In the Linux kernel, the following vulnerability has been resolved: nfs: fix possible null-ptr-deref when parsing param According to commit "vfs: parse: deal with zero length string value", kernel will set the param->string to null pointer in vfs_parse_fs_string() if fs string has zero length. Yet the problem is that, nfs_fs_context_parse_param() will dereferences the param->string, without checking whether it is a null pointer, which may trigger a null-ptr-deref bug. This patch solves it by adding sanity check on param->string in nfs_fs_context_parse_param(). Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Removed Reference kernel.org: https://git.kernel.org/stable/c/46819f604557fe7bc39a6c352fd368371aa9cd6e Removed Reference kernel.org: https://git.kernel.org/stable/c/55513864b418c6453d68aebc36cffcf965342426 Removed Reference kernel.org: https://git.kernel.org/stable/c/5559405df652008e56eee88872126fe4c451da67 -
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Oct. 01, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: nfs: fix possible null-ptr-deref when parsing param According to commit "vfs: parse: deal with zero length string value", kernel will set the param->string to null pointer in vfs_parse_fs_string() if fs string has zero length. Yet the problem is that, nfs_fs_context_parse_param() will dereferences the param->string, without checking whether it is a null pointer, which may trigger a null-ptr-deref bug. This patch solves it by adding sanity check on param->string in nfs_fs_context_parse_param(). Added Reference https://git.kernel.org/stable/c/46819f604557fe7bc39a6c352fd368371aa9cd6e Added Reference https://git.kernel.org/stable/c/55513864b418c6453d68aebc36cffcf965342426 Added Reference https://git.kernel.org/stable/c/5559405df652008e56eee88872126fe4c451da67