CVE-2022-49029

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-49029
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49029.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49029
Downstream
Related
Published
2024-10-21T20:06:33.918Z
Modified
2026-03-20T12:22:06.897684Z
Summary
hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
Details

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (ibmpex) Fix possible UAF when ibmpexregisterbmc() fails

Smatch report warning as follows:

drivers/hwmon/ibmpex.c:509 ibmpexregisterbmc() warn: '&data->list' not removed from list

If ibmpexfindsensors() fails in ibmpexregisterbmc(), data will be freed, but data->list will not be removed from driverdata.bmcdata, then list traversal may cause UAF.

Fix by removeing it from driverdata.bmcdata before free().

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49029.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab
Fixed
f2a13196ad41c6c2ab058279dffe6c97292e753a
Fixed
798198273bf86673b970b51acdb35e57f42b3fcb
Fixed
24b9633f7db7f4809be7053df1d2e117e7c2de10
Fixed
7b2b67fe1339389e0bf3c37c7a677a004ac0e4e3
Fixed
90907cd4d11351ff76c9a447bcb5db0e264c47cd
Fixed
45f6e81863747c0d7bc6a95ec51129900e71467a
Fixed
e65cfd1f9cd27d9c27ee5cb88128a9f79f25d863
Fixed
e2a87785aab0dac190ac89be6a9ba955e2c634f2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49029.json"