How the Vulnerability Works
This vulnerability occurs in the Linux kernel's netfs subsystem when handling cache operations. The issue arises when filesystems like NFS or Ceph (which don't implement `invalidate_cache`) encounter write failures to cache (`NETFS_WRITE_TO_CACHE`). The kernel attempts to call the non-existent `invalidate_cache` method, leading to a NULL pointer dereference. This triggers a kernel panic with a supervisor instruction fetch error, crashing the system. The vulnerability manifests in the `netfs_write_collection_worker` function when processing cached writes, where a missing NULL check before calling `invalidate_cache` causes an uncontrolled system crash.
DailyCVE Form:
Platform: Linux Kernel
Version: Up to 6.13.3
Vulnerability: NULL Pointer Dereference
Severity: Critical
Date: 04/10/2025
What Undercode Say:
Exploitation Analysis:
1. Crash system via malformed cache operations
2. Trigger through filesystem operations on NFS/Ceph
3. Exploit requires write access to affected filesystems
Protection Commands:
```bash
# Check kernel version
uname -r
# Patch verification
grep 'netfs_write_collection_worker' /proc/kallsyms
# Temporary mitigation
echo 0 > /proc/sys/net/netfs/cache_enabled
```
Vulnerable Code Pattern:
```c
if (test_bit(NETFS_WRITE_TO_CACHE, &subreq->flags) &&
    !test_bit(NETFS_SREQ_WRITE_TO_CACHE, &subreq->flags)) {
    netfs_invalidate_cache(subreq); // Missing NULL check
}
```
Patched Code Example:
```c
if (subreq->netfs_ops->invalidate_cache &&
    test_bit(NETFS_WRITE_TO_CACHE, &subreq->flags) &&
    !test_bit(NETFS_SREQ_WRITE_TO_CACHE, &subreq->flags)) {
    subreq->netfs_ops->invalidate_cache(subreq);
}
```
Detection Script:
```python
import os


def check_vulnerable():
    # Coarse check on major.minor only: flags every 6.13.x and older kernel.
    kernel_ver = os.uname().release.split('.')
    major, minor = int(kernel_ver[0]), int(kernel_ver[1])
    return (major == 6 and minor <= 13) or (major < 6)
```
Mitigation Steps:
1. Update to patched kernel version
2. Disable affected filesystems if unused
3. Implement kernel module signing
4. Restrict filesystem mounting privileges
Debugging Commands:
```bash
# Check for crash logs
dmesg | grep 'netfs_write_collection_worker'
# Monitor filesystem operations
strace -f -e trace=file -p <pid>
# Kernel debugging
crash /usr/lib/debug/boot/vmlinux-$(uname -r) /var/crash/dumpfile
```
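The crash described above leaves a recognisable report in the kernel log: a NULL pointer dereference at address 0, reported as a supervisor instruction fetch, with `netfs_write_collection_worker` in the report. The scanner below is an added example, not code from the original page; `find_netfs_oopses` is a hypothetical name and the lines in `SAMPLE` are constructed, modelled on the x86-64 oops format.

```python
import re

TS = re.compile(r"^\[\s*\d+\.\d+\]\s*")  # optional dmesg timestamp prefix
START = re.compile(r"BUG: kernel NULL pointer dereference, address: ([0-9a-f]+)")
FETCH = "#PF: supervisor instruction fetch in kernel mode"
WORKER = "netfs_write_collection_worker"  # function named on this page
END = "---[ end trace"


def find_netfs_oopses(lines):
    """Return a summary dict for each oops matching the crash signature."""
    hits, cur = [], None
    def close():
        # Keep only a NULL *call* (instruction fetch at address 0) that
        # involves the netfs write collection worker.
        if cur and cur["fetch"] and cur["worker"] and int(cur["address"], 16) == 0:
            hits.append({"address": cur["address"], "comm": cur["comm"]})
    for raw in lines:
        line = TS.sub("", raw.strip())
        m = START.search(line)
        if m:
            close()  # previous report was cut short
            cur = {"address": m.group(1), "fetch": False, "worker": False, "comm": None}
            continue
        if cur is None:
            continue
        cur["fetch"] |= FETCH in line
        cur["worker"] |= WORKER in line
        c = re.search(r"\bComm: (\S+)", line)
        if c:
            cur["comm"] = c.group(1)
        if END in line:
            close()
            cur = None
    close()  # log ended mid-report, e.g. the machine panicked
    return hits


# Constructed sample log (not captured from a real system).
SAMPLE = """\
[  812.104531] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  812.104540] #PF: supervisor instruction fetch in kernel mode
[  812.104560] CPU: 3 UID: 0 PID: 417 Comm: kworker/u16:2 Not tainted 6.13.3 #1
[  812.104566] Workqueue: events_unbound netfs_write_collection_worker
[  812.104640] ---[ end trace 0000000000000000 ]---
[  990.000100] BUG: kernel NULL pointer dereference, address: 0000000000000008
[  990.000104] #PF: supervisor read access in kernel mode
[  990.000150] ---[ end trace 0000000000000000 ]---
""".splitlines()
```

Pass it the lines of saved `dmesg` or journal output; the second report in the sample is a NULL data read and is deliberately not matched.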
References:
Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-22002
Extra Source Hub:
Undercode