NULL Pointer Dereference Affecting gfs2-kmp-default package, versions <5.3.18-150300.59.207.1


Severity

Recommended
0.0
medium
0
10

Based on SUSE Linux Enterprise Server security rating.

Threat Intelligence

EPSS
0.16% (6th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-SLES153-GFS2KMPDEFAULT-10381110
  • published18 Jun 2025
  • disclosed17 Jun 2025

Introduced: 17 Jun 2025

CVE-2022-49889  (opens in a new tab)
CWE-476  (opens in a new tab)

How to fix?

Upgrade SLES:15.3 gfs2-kmp-default to version 5.3.18-150300.59.207.1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream gfs2-kmp-default package and not the gfs2-kmp-default package as distributed by SLES. See How to fix? for SLES:15.3 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters()

On some machines the number of listed CPUs may be bigger than the actual CPUs that exist. The tracing subsystem allocates a per_cpu directory with access to the per CPU ring buffer via a cpuX file. But to save space, the ring buffer will only allocate buffers for online CPUs, even though the CPU array will be as big as the nr_cpu_ids.

With the addition of waking waiters on the ring buffer when closing the file, the ring_buffer_wake_waiters() now needs to make sure that the buffer is allocated (with the irq_work allocated with it) before trying to wake waiters, as it will cause a NULL pointer dereference.

While debugging this, I added a NULL check for the buffer itself (which is OK to do), and also NULL pointer checks against buffer->buffers (which is not fine, and will WARN) as well as making sure the CPU number passed in is within the nr_cpu_ids (which is also not fine if it isn't).

Bugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=1204705

CVSS Base Scores

version 3.1