CVE-2022-49376

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-49376
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49376.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49376
Downstream
Related
Published
2025-02-26T02:11:16.118Z
Modified
2026-03-20T12:22:23.660646Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
scsi: sd: Fix potential NULL pointer dereference
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: sd: Fix potential NULL pointer dereference

If sdprobe() sees an early error before sdkp->device is initialized, sdzbcreleasedisk() is called. This causes a NULL pointer dereference when sdiszoned() is called inside that function. Avoid this by removing the call to sdzbcreleasedisk() in sdprobe() error path.

This change is safe and does not result in zone information memory leakage because the zone information for a zoned disk is allocated only when sdrevalidatedisk() is called, at which point sdkp->diskdev is fully set, resulting in sddiskrelease() being called when needed to cleanup a disk zone information using sdzbcreleasedisk().

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49376.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
89d9475610771b5e5fe1879075f0fc9ba6e3755f
Fixed
c1f0187025905e9981000d44a92e159468b561a8
Fixed
0fcb0b131cc90c8f523a293d84c58d0c7273c96f
Fixed
78f8e96df06e2d04d82d4071c299b59d28744f47
Fixed
3733439593ad12f7b54ae35c273ea6f15d692de3
Fixed
05fbde3a77a4f1d62e4c4428f384288c1f1a0be5

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49376.json"