CVE-2022-49889
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49889
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49889.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-49889
- Related
- Published
- 2025-05-01T15:16:13Z
- Modified
- 2025-05-07T13:19:59Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ring-buffer: Check for NULL cpubuffer in ringbufferwakewaiters()
On some machines the number of listed CPUs may be bigger than the actual CPUs that exist. The tracing subsystem allocates a percpu directory with access to the per CPU ring buffer via a cpuX file. But to save space, the ring buffer will only allocate buffers for online CPUs, even though the CPU array will be as big as the nrcpu_ids.
With the addition of waking waiters on the ring buffer when closing the file, the ringbufferwakewaiters() now needs to make sure that the buffer is allocated (with the irqwork allocated with it) before trying to wake waiters, as it will cause a NULL pointer dereference.
While debugging this, I added a NULL check for the buffer itself (which is OK to do), and also NULL pointer checks against buffer->buffers (which is not fine, and will WARN) as well as making sure the CPU number passed in is within the nrcpuids (which is also not fine if it isn't).
Bugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=1204705
- References
Affected packages
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source