CVE-2022-28893 is a flaw in the SUNRPC subsystem of the Linux kernel through version 5.17.2: the kernel can call xs_xprt_free() before the transport's socket is in the state that teardown assumes. The outcome ranges from a kernel crash (denial of service) to memory corruption that a local attacker could try to turn into privilege escalation. In this long read, we discuss the details of this vulnerability, provide a snippet illustrating the affected code path, and share links to the original references.

Background

The SUNRPC subsystem implements remote procedure call (RPC) transports in the Linux kernel, allowing a process on one system to invoke procedures on a remote system. It is the transport layer under the kernel's NFS client and server as well as other RPC-based services, so it is present on most systems that mount or export NFS shares.

The Issue

During transport teardown, the SUNRPC socket code can call xs_xprt_free() before the transport's socket has actually reached the closed state. xs_xprt_free() releases the transport structure and, through xprt_free(), the reference it holds on the network namespace the socket belongs to, so a socket close that completes afterwards runs against resources that have already been released. That is an ordering bug of the use-after-free class: the likely outcome is a kernel crash (denial of service), and the NVD rates the confidentiality, integrity and availability impact as high because memory corruption in the kernel can in principle be turned into privilege escalation by a local user.

The teardown path lives in net/sunrpc/xprtsock.c. The sketch below is a simplified illustration of the call ordering, not a verbatim excerpt of the kernel source (the function name is made up for the illustration; the real teardown function is xs_destroy()):

static void xs_destroy_sketch(struct rpc_xprt *xprt)
{
    /* Initiates the socket close. The final release of the socket can be
     * deferred rather than completed here. */
    xs_close(xprt);

    /* Frees the transport, and with it the reference to the socket's network
     * namespace, without confirming that the close above has completed. */
    xs_xprt_free(xprt);
}

In the above ordering, xs_xprt_free() runs without checking that the socket has reached its closed state, so the deferred remainder of the close can touch memory that has already been released. The upstream fix (commit f00432063db1, "SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()") makes the socket close complete before the transport is freed.
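To make the ordering concrete, here is an added example (not from the original article and not kernel code) that models the bug class in plain user-space C: a transport that holds the only reference on a network namespace, a socket whose close is queued rather than completed immediately, and the two possible orders of free and flush. Every type and function in it is a constructed stand-in, named with a _model suffix to make that clear; the assumption that the socket does not take its own namespace reference mirrors how the kernel treats kernel-created sockets.

```c
#include <stdio.h>

/* Constructed model of the ownership chain behind CVE-2022-28893, written for
 * this article; none of these names are kernel types or functions. A transport
 * owns a socket and holds the only reference on the network namespace that
 * socket lives in (kernel-created sockets do not pin their namespace, the
 * transport's reference keeps it alive). Closing the socket is queued rather
 * than completed on the spot, standing in for a deferred fput(). */

struct ns_model   { int refcount; int alive; };      /* alive: 0 once freed */
struct sock_model { struct ns_model *net; int closed; };
struct xprt_model { struct ns_model *net; struct sock_model *sock; };

/* Deferred-work queue standing in for task_work / delayed-fput deferral. */
#define MAX_DEFERRED 8
static struct sock_model *deferred[MAX_DEFERRED];
static int n_deferred;

static void ns_put(struct ns_model *ns)
{
    if (--ns->refcount == 0)
        ns->alive = 0;          /* the real kernel frees the namespace here */
}

/* The socket teardown proper. Returns 1 if it had to touch a namespace that
 * is already gone (the use-after-free the fix prevents), otherwise 0. */
static int sock_do_close(struct sock_model *s)
{
    if (!s->net->alive)
        return 1;
    s->closed = 1;
    return 0;
}

/* Queue the close instead of doing it now. */
static void sock_release_deferred(struct sock_model *s)
{
    if (n_deferred < MAX_DEFERRED)
        deferred[n_deferred++] = s;
}

/* Run every queued close; return how many ran against a dead namespace. */
static int flush_deferred(void)
{
    int faults = 0;
    for (int i = 0; i < n_deferred; i++)
        faults += sock_do_close(deferred[i]);
    n_deferred = 0;
    return faults;
}

/* Stand-in for xs_xprt_free()/xprt_free(): drops the namespace reference. */
static void xprt_free_model(struct xprt_model *x)
{
    ns_put(x->net);
}

/* Vulnerable ordering: queue the close, free the transport, and only then let
 * the deferred work run. Returns the number of closes that hit freed state. */
int teardown_vulnerable(void)
{
    struct ns_model ns = { 1, 1 };
    struct sock_model s = { &ns, 0 };
    struct xprt_model x = { &ns, &s };

    n_deferred = 0;
    sock_release_deferred(x.sock);
    xprt_free_model(&x);        /* namespace reference gone, socket still open */
    return flush_deferred();    /* the queued close now touches a dead namespace */
}

/* Fixed ordering: flush the pending close synchronously, then free. Returns 0
 * when the socket was closed before the free, which is what the fix ensures. */
int teardown_fixed(void)
{
    struct ns_model ns = { 1, 1 };
    struct sock_model s = { &ns, 0 };
    struct xprt_model x = { &ns, &s };
    int faults;

    n_deferred = 0;
    sock_release_deferred(x.sock);
    faults = flush_deferred();  /* socket closed while the namespace is alive */
    xprt_free_model(&x);
    return faults + (s.closed ? 0 : 1);
}

int main(void)
{
    printf("vulnerable ordering: %d close(s) ran against freed state\n",
           teardown_vulnerable());
    printf("fixed ordering:      %d close(s) ran against freed state\n",
           teardown_fixed());
    return 0;
}
```

The model deliberately keeps the namespace object on the stack and marks it dead instead of freeing it, so the "use after free" is observable as a return value rather than as undefined behaviour; in the real kernel the same ordering hands the deferred close a pointer into memory that may already have been reused.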

Exploit

An attacker needs to be able to run code on the vulnerable host: the NVD CVSS 3.1 vector for this CVE is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (7.8, High), that is, local access with low privileges and no user interaction. The teardown path is reached when RPC transports are created and destroyed, for example when NFS mounts are set up and torn down. Remote exploitation would require chaining this flaw with a separate vulnerability that first provides local code execution.

Mitigation

There is no configuration workaround that removes the bug; the fix is a kernel that carries upstream commit f00432063db1. That commit is in Linux 5.18 and was backported to the stable series (5.17.3 for the 5.17 line), so check that your distribution kernel includes the backport, which it may ship under its own version number. Until the kernel is updated, exposure can be reduced by not loading the sunrpc and nfs modules on hosts that do not need NFS and by limiting which local users can set up and tear down RPC transports.

References

For more in-depth information about this vulnerability and the affected code, please refer to the following links:

1. CVE-2022-28893: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28893
2. Linux Kernel Source Code: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
3. Linux Kernel Mailing List (LKML) Announcement: https://lkml.org/lkml/2022/3/25/617
4. SecurityFocus Vulnerability Database: https://www.securityfocus.com/bid/115846
5. National Vulnerability Database (NVD): https://nvd.nist.gov/vuln/detail/CVE-2022-28893

Conclusion

CVE-2022-28893 is a significant vulnerability in the Linux kernel's SUNRPC subsystem: a teardown-ordering bug that can crash the kernel and, for a local attacker, potentially lead to privilege escalation. As always, keep kernels current with security patches, and on hosts that do not need NFS or other RPC services, keep the SUNRPC stack out of the running kernel to shrink the attack surface.

Timeline

Published on: 04/11/2022 05:15:00 UTC
Last modified on: 06/13/2022 11:15:00 UTC