CVE-2022-48816
Linux Kernel vulnerability analysis and mitigation

Overview

CVE-2022-48816 affects the Linux kernel's SUNRPC (Remote Procedure Call) subsystem. The vulnerability was discovered and disclosed in July 2024. The underlying problem is that ->sock can be set to NULL asynchronously unless ->recv_mutex is held, so a sysfs read operation that runs without holding that mutex can find the pointer cleared underneath it. This vulnerability affects various Linux distributions including Ubuntu 22.04 LTS and Red Hat Enterprise Linux 9.0 (NVD, Ubuntu).

Technical details

The vulnerability stems from a race condition in the Linux kernel's SUNRPC subsystem where the ->sock pointer can be asynchronously set to NULL if ->recv_mutex is not held during sysfs read operations. A previous fix attempt in commit 17f09d3f619a ("SUNRPC: Check if the xprt is connected before handling sysfs reads") only narrowed the race window but did not completely resolve the issue (Kernel Commit).

Impact

If exploited, this vulnerability can trigger a kernel oops (crash) when performing sysfs read operations on affected systems. This could potentially lead to a denial of service condition (NVD).

Mitigation and workarounds

The vulnerability has been patched in various Linux distributions. The fix involves properly holding ->recv_mutex during sysfs read operations and checking for a NULL sock pointer while the mutex is held. System administrators should apply the latest kernel updates available for their distributions (Red Hat).
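
The difference between narrowing the race window and closing it can be shown with a small userspace model. This is an added example, not code from the kernel or from the original report: it is single-threaded and forces the asynchronous close into the gap between the check and the use. The model_* and read_addr_* names and the sample address are assumptions, and a pthread mutex stands in for the kernel's ->recv_mutex.

```c
/* Added example: userspace model of the race, not kernel code. Names are
 * hypothetical; only ->sock and ->recv_mutex come from the page. */
#include <errno.h>
#include <pthread.h>
#include <stdio.h>

struct model_sock { const char *addr; };
struct model_xprt {
    pthread_mutex_t recv_mutex;  /* guards ->sock */
    struct model_sock *sock;     /* cleared asynchronously on close */
};

/* Stand-in for the asynchronous close: clears ->sock only if it can take
 * ->recv_mutex. Returns 1 if it cleared the pointer, 0 if a reader holds it. */
int model_async_close(struct model_xprt *x)
{
    if (pthread_mutex_trylock(&x->recv_mutex) != 0)
        return 0;
    x->sock = NULL;
    pthread_mutex_unlock(&x->recv_mutex);
    return 1;
}

/* "Before": check then use with no lock. The close is forced into the window;
 * -EFAULT marks the point where the kernel would dereference NULL and oops. */
int read_addr_unlocked(struct model_xprt *x, char *buf, size_t len)
{
    if (!x->sock)
        return 0;                /* looks connected */
    model_async_close(x);        /* close runs between check and use */
    if (!x->sock)
        return -EFAULT;
    return snprintf(buf, len, "%s\n", x->sock->addr);
}

/* "After": hold ->recv_mutex across both the NULL check and the use. */
int read_addr_locked(struct model_xprt *x, char *buf, size_t len)
{
    int ret = 0;
    pthread_mutex_lock(&x->recv_mutex);
    if (x->sock) {
        model_async_close(x);    /* same window: the close cannot proceed */
        ret = snprintf(buf, len, "%s\n", x->sock->addr);
    }
    pthread_mutex_unlock(&x->recv_mutex);
    return ret;
}
```

In the unlocked reader the check passes and the pointer is still gone by the time it is used; in the locked reader the close has to wait, and a read issued after the close returns 0 instead of touching a NULL pointer.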

This report was generated using AI.

Related Linux Kernel vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2025-40343 | MEDIUM | 6.4 | Linux Kernel | kernel-rt-modules-internal | No | Yes | Dec 09, 2025 |
| CVE-2025-40342 | MEDIUM | 6.4 | Linux Kernel | kernel-debug-modules-extra | No | Yes | Dec 09, 2025 |
| CVE-2025-40341 | MEDIUM | 5.1 | Linux Kernel | linux-nvidia-tegra | No | Yes | Dec 09, 2025 |
| CVE-2025-40345 | N/A | N/A | Linux Kernel | kernel-headers | No | Yes | Dec 12, 2025 |
| CVE-2025-40344 | N/A | N/A | Linux Kernel | linux-azure-6.14 | No | Yes | Dec 09, 2025 |
