CVE-2022-49010
- Source
- https://cve.org/CVERecord?id=CVE-2022-49010
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49010.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-49010
- Downstream
- Related
- Published
- 2024-10-21T20:06:21.423Z
- Modified
- 2026-04-11T12:43:26.204037Z
- Summary
- hwmon: (coretemp) Check for null before removing sysfs attrs
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (coretemp) Check for null before removing sysfs attrs
If coretempaddcore() gets an error then pdata->coredata[indx] is already NULL and has been kfreed. Don't pass that to sysfsremovegroup() as that will crash in sysfsremove_group().
[Shortened for readability] [91854.020159] sysfs: cannot create duplicate filename '/devices/platform/coretemp.0/hwmon/hwmon2/temp20label' <cpu offline> [91855.126115] BUG: kernel NULL pointer dereference, address: 0000000000000188 [91855.165103] #PF: supervisor read access in kernel mode [91855.194506] #PF: errorcode(0x0000) - not-present page [91855.224445] PGD 0 P4D 0 [91855.238508] Oops: 0000 [#1] PREEMPT SMP PTI ... [91855.342716] RIP: 0010:sysfsremovegroup+0xc/0x80 ... [91855.796571] Call Trace: [91855.810524] coretempcpuoffline+0x12b/0x1dd [coretemp] [91855.841738] ? coretempcpuonline+0x180/0x180 [coretemp] [91855.871107] cpuhpinvokecallback+0x105/0x4b0 [91855.893432] cpuhpthreadfun+0x8e/0x150 ...
Fix this by checking for NULL first.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49010.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/070d5ea4a0592a37ad96ce7f7b6b024f90bb009f
- https://git.kernel.org/stable/c/280110db1a7d62ad635b103bafc3ae96e8bef75c
- https://git.kernel.org/stable/c/7692700ac818866d138a8de555130a6e70e6ac16
- https://git.kernel.org/stable/c/89eecabe6a47403237f45aafd7d24f93cb973653
- https://git.kernel.org/stable/c/a89ff5f5cc64b9fe7a992cf56988fd36f56ca82a
- https://git.kernel.org/stable/c/ae6c8b6e5d5628df1c475c0a8fca1465e205c95b
- https://git.kernel.org/stable/c/f06e0cd01eab954bd5f2190c9faa79bb5357e05b
- https://git.kernel.org/stable/c/fb503d077ff7b43913503eaf72995d1239028b99
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49010.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-49010
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced199e0de7f5df31a4fc485d4aaaf8a07718252aceFixedfb503d077ff7b43913503eaf72995d1239028b99Fixed070d5ea4a0592a37ad96ce7f7b6b024f90bb009fFixed280110db1a7d62ad635b103bafc3ae96e8bef75cFixed89eecabe6a47403237f45aafd7d24f93cb973653Fixedf06e0cd01eab954bd5f2190c9faa79bb5357e05bFixed7692700ac818866d138a8de555130a6e70e6ac16Fixedae6c8b6e5d5628df1c475c0a8fca1465e205c95bFixeda89ff5f5cc64b9fe7a992cf56988fd36f56ca82a
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced3.0.0Fixed4.9.335
- Type
- ECOSYSTEM
- Events
-
Introduced4.10.0Fixed4.14.301
- Type
- ECOSYSTEM
- Events
-
Introduced4.15.0Fixed4.19.268
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.226
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.158
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.82
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.0.12