CVE-2022-49476

Source: https://nvd.nist.gov/vuln/detail/CVE-2022-49476
Import Source: https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49476.json
JSON Data: https://api.test.osv.dev/v1/vulns/CVE-2022-49476
Published: 2025-02-26T02:13:18Z
Modified: 2025-10-15T21:57:43.523077Z
Severity: 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
mt76: mt7921: fix kernel crash at mt7921_pci_remove
Details

In the Linux kernel, the following vulnerability has been resolved:

mt76: mt7921: fix kernel crash at mt7921_pci_remove

The crash log shows it is possible that mt7921_irq_handler is called while devm_free_irq is being handled, so mt76_free_device needs to be postponed until devm_free_irq is completed, to solve the crash where we free the mt76 device too early.

[ 9299.339655] BUG: kernel NULL pointer dereference, address: 0000000000000008
[ 9299.339705] #PF: supervisor read access in kernel mode
[ 9299.339735] #PF: error_code(0x0000) - not-present page
[ 9299.339768] PGD 0 P4D 0
[ 9299.339786] Oops: 0000 [#1] SMP PTI
[ 9299.339812] CPU: 1 PID: 1624 Comm: prepare-suspend Not tainted 5.15.14-1.fc32.qubes.x86_64 #1
[ 9299.339863] Hardware name: Xen HVM domU, BIOS 4.14.3 01/20/2022
[ 9299.339901] RIP: 0010:mt7921_irq_handler+0x1e/0x70 [mt7921e]
[ 9299.340048] RSP: 0018:ffffa81b80c27cb0 EFLAGS: 00010082
[ 9299.340081] RAX: 0000000000000000 RBX: ffff98a4cb752020 RCX: ffffffffa96211c5
[ 9299.340123] RDX: 0000000000000000 RSI: 00000000000d4204 RDI: ffff98a4cb752020
[ 9299.340165] RBP: ffff98a4c28a62a4 R08: ffff98a4c37a96c0 R09: 0000000080150011
[ 9299.340207] R10: 0000000040000000 R11: 0000000000000000 R12: ffff98a4c4eaa080
[ 9299.340249] R13: ffff98a4c28a6360 R14: ffff98a4cb752020 R15: ffff98a4c28a6228
[ 9299.340297] FS: 00007260840d3740(0000) GS:ffff98a4ef700000(0000) knlGS:0000000000000000
[ 9299.340345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 9299.340383] CR2: 0000000000000008 CR3: 0000000004c56001 CR4: 0000000000770ee0
[ 9299.340432] PKRU: 55555554
[ 9299.340449] Call Trace:
[ 9299.340467] <TASK>
[ 9299.340485] __free_irq+0x221/0x350
[ 9299.340527] free_irq+0x30/0x70
[ 9299.340553] devm_free_irq+0x55/0x80
[ 9299.340579] mt7921_pci_remove+0x2f/0x40 [mt7921e]
[ 9299.340616] pci_device_remove+0x3b/0xa0
[ 9299.340651] __device_release_driver+0x17a/0x240
[ 9299.340686] device_driver_detach+0x3c/0xa0
[ 9299.340714] unbind_store+0x113/0x130
[ 9299.340740] kernfs_fop_write_iter+0x124/0x1b0
[ 9299.340775] new_sync_write+0x15c/0x1f0
[ 9299.340806] vfs_write+0x1d2/0x270
[ 9299.340831] ksys_write+0x67/0xe0
[ 9299.340857] do_syscall_64+0x3b/0x90
[ 9299.340887] entry_SYSCALL_64_after_hwframe+0x44/0xae

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Introduced: 5c14a5f944b91371961548b1907802f74a4d2e5c
Fixed: 09693f5b636fb3f6dd56fd943226fc1bbc600b51

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Introduced: 5c14a5f944b91371961548b1907802f74a4d2e5c
Fixed: 677e669973bf5460705bc65033445ea9f6615999

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Introduced: 5c14a5f944b91371961548b1907802f74a4d2e5c
Fixed: ad483ed9dd5193a54293269c852a29051813b7bd

Affected versions

v5.*

v5.11
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.17.1
v5.17.10
v5.17.11
v5.17.12
v5.17.13
v5.17.2
v5.17.3
v5.17.4
v5.17.5
v5.17.6
v5.17.7
v5.17.8
v5.17.9
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.18.1
v5.18.2

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Introduced: 5.12.0
Fixed: 5.17.14

Type: ECOSYSTEM
Introduced: 5.18.0
Fixed: 5.18.3