CVE-2022-49329

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49329
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49329.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49329
Published
2025-02-26T02:10:50Z
Modified
2025-10-15T20:53:13.470298Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
vduse: Fix NULL pointer dereference on sysfs access
Details

In the Linux kernel, the following vulnerability has been resolved:

vduse: Fix NULL pointer dereference on sysfs access

The control device has no drvdata. So we will get a NULL pointer dereference when accessing control device's msg_timeout attribute via sysfs:

[ 132.841881][ T3644] BUG: kernel NULL pointer dereference, address: 00000000000000f8
[ 132.850619][ T3644] RIP: 0010:msg_timeout_show (drivers/vdpa/vdpa_user/vduse_dev.c:1271)
[ 132.869447][ T3644] dev_attr_show (drivers/base/core.c:2094)
[ 132.870215][ T3644] sysfs_kf_seq_show (fs/sysfs/file.c:59)
[ 132.871164][ T3644] ? device_remove_bin_file (drivers/base/core.c:2088)
[ 132.872082][ T3644] kernfs_seq_show (fs/kernfs/file.c:164)
[ 132.872838][ T3644] seq_read_iter (fs/seq_file.c:230)
[ 132.873578][ T3644] ? __vmalloc_area_node (mm/vmalloc.c:3041)
[ 132.874532][ T3644] kernfs_fop_read_iter (fs/kernfs/file.c:238)
[ 132.875513][ T3644] __kernel_read (fs/read_write.c:440 (discriminator 1))
[ 132.876319][ T3644] kernel_read (fs/read_write.c:459)
[ 132.877129][ T3644] kernel_read_file (fs/kernel_read_file.c:94)
[ 132.877978][ T3644] kernel_read_file_from_fd (include/linux/file.h:45 fs/kernel_read_file.c:186)
[ 132.879019][ T3644] __do_sys_finit_module (kernel/module.c:4207)
[ 132.879930][ T3644] __ia32_sys_finit_module (kernel/module.c:4189)
[ 132.880930][ T3644] do_int80_syscall_32 (arch/x86/entry/common.c:112 arch/x86/entry/common.c:132)
[ 132.881847][ T3644] entry_INT80_compat (arch/x86/entry/entry_64_compat.S:419)

To fix it, don't create the unneeded attribute for control device anymore.

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c8a6153b6c59d95c0e091f053f6f180952ade91e
Fixed
3a7a81f4835dfda11f39fdd27586da14331896eb
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c8a6153b6c59d95c0e091f053f6f180952ade91e
Fixed
30fd1b56621e187346f65d01fe34870634b15188
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c8a6153b6c59d95c0e091f053f6f180952ade91e
Fixed
b22fdee17ec62604060fb0fda5e1414b634666e1
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c8a6153b6c59d95c0e091f053f6f180952ade91e
Fixed
b27ee76c74dc831d6e092eaebc2dfc9c0beed1c9

Affected versions

v5.*

v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.17.1
v5.17.10
v5.17.11
v5.17.12
v5.17.13
v5.17.14
v5.17.2
v5.17.3
v5.17.4
v5.17.5
v5.17.6
v5.17.7
v5.17.8
v5.17.9
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.18.1
v5.18.2
v5.18.3
v5.19-rc1

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.0
Fixed
5.15.47
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.17.15
Type
ECOSYSTEM
Events
Introduced
5.18.0
Fixed
5.18.4