In the Linux kernel, the following vulnerability has been resolved:
ata: libata-transport: fix error handling in ata_tdev_add()
In ata_tdev_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, because transport_remove_device() is called to remove the device that was not added.
Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0
CPU: 13 PID: 13603 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #36
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : device_del+0x48/0x3a0
lr : device_del+0x44/0x3a0
Call trace:
 device_del+0x48/0x3a0
 attribute_container_class_device_del+0x28/0x40
 transport_remove_classdev+0x60/0x7c
 attribute_container_device_trigger+0x118/0x120
 transport_remove_device+0x20/0x30
 ata_tdev_delete+0x24/0x50 [libata]
 ata_tlink_delete+0x40/0xa0 [libata]
 ata_tport_delete+0x2c/0x60 [libata]
 ata_port_detach+0x148/0x1b0 [libata]
 ata_pci_remove_one+0x50/0x80 [libata]
 ahci_remove_one+0x4c/0x8c [ahci]
Fix this by checking and handling return value of transport_add_device() in ata_tdev_add(). In the error path, device_del() is called to delete the device which was added earlier in this function, and ata_tdev_free() is called to free ata_dev.
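
The error-handling pattern described above, as an added userspace model; it is not the kernel patch or any libata code. Every model_* name is hypothetical, and the injected -ENOMEM is a constructed failure chosen for illustration.

```c
#include <errno.h>
#include <stdbool.h>

/* Userspace model only: these are not kernel APIs. */
struct model_dev {
    bool core_added;       /* models the earlier device add having succeeded */
    bool transport_added;  /* models transport_add_device() having succeeded */
    bool freed;            /* models ata_tdev_free() having run */
};

/* Simulated transport registration; fail_transport injects the failure. */
static int model_transport_add(struct model_dev *d, bool fail_transport)
{
    if (fail_transport)
        return -ENOMEM;    /* constructed error value */
    d->transport_added = true;
    return 0;
}

/* Before the fix: the result is dropped and the caller is told "success". */
int model_tdev_add_unchecked(struct model_dev *d, bool fail_transport)
{
    d->core_added = true;
    (void)model_transport_add(d, fail_transport);
    return 0;
}

/* After the fix: check the result and unwind what this function did. */
int model_tdev_add_checked(struct model_dev *d, bool fail_transport)
{
    int error;

    d->core_added = true;
    error = model_transport_add(d, fail_transport);
    if (error) {
        d->core_added = false;  /* models device_del() */
        d->freed = true;        /* models ata_tdev_free() */
        return error;
    }
    return 0;
}

/* Teardown only runs for devices whose add reported success.
 * Returns false where removal would touch state that was never set up. */
bool model_teardown_is_safe(const struct model_dev *d, int add_result)
{
    if (add_result != 0)
        return true;            /* a failed add is never torn down later */
    return d->transport_added;  /* removing what was never added is the bug */
}
```
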