| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022606-CVE-2022-49492-6a2d@gregkh> Date: Wed, 26 Feb 2025 03:12:46 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49492: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags Description =========== In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags In nvme_alloc_admin_tags, the admin_q can be set to an error (typically -ENOMEM) if the blk_mq_init_queue call fails to set up the queue, which is checked immediately after the call. However, when we return the error message up the stack, to nvme_reset_work the error takes us to nvme_remove_dead_ctrl() nvme_dev_disable() nvme_suspend_queue(&dev->queues[0]). Here, we only check that the admin_q is non-NULL, rather than not an error or NULL, and begin quiescing a queue that never existed, leading to bad / NULL pointer dereference. The Linux kernel CVE team has assigned CVE-2022-49492 to this issue. Affected and fixed versions =========================== Fixed in 4.9.318 with commit 8321b17789f614414206af07e17ce4751c95dc76 Fixed in 4.14.283 with commit 9e649471b396fa0139d53919354ce1eace9b9a24 Fixed in 4.19.247 with commit 8da2b7bdb47e94bbc4062a3978c708926bcb022c Fixed in 5.4.198 with commit f76729662650cd7bc8f8194e057af381370349a7 Fixed in 5.10.121 with commit af98940dd33c9f9e1beb4f71c0a39260100e2a65 Fixed in 5.15.46 with commit 906c81dba8ee8057523859b5e1a2479e9fd34860 Fixed in 5.17.14 with commit 7a28556082d1fbcbc599baf1c24252dfc73efefc Fixed in 5.18.3 with commit 54a4c1e47d1b2585e74920399455bd9abbfb2bd7 Fixed in 5.19 with commit da42761181627e9bdc37d18368b827948a583929 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49492 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/nvme/host/pci.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/8321b17789f614414206af07e17ce4751c95dc76 https://git.kernel.org/stable/c/9e649471b396fa0139d53919354ce1eace9b9a24 https://git.kernel.org/stable/c/8da2b7bdb47e94bbc4062a3978c708926bcb022c https://git.kernel.org/stable/c/f76729662650cd7bc8f8194e057af381370349a7 https://git.kernel.org/stable/c/af98940dd33c9f9e1beb4f71c0a39260100e2a65 https://git.kernel.org/stable/c/906c81dba8ee8057523859b5e1a2479e9fd34860 https://git.kernel.org/stable/c/7a28556082d1fbcbc599baf1c24252dfc73efefc https://git.kernel.org/stable/c/54a4c1e47d1b2585e74920399455bd9abbfb2bd7 https://git.kernel.org/stable/c/da42761181627e9bdc37d18368b827948a583929
Powered by blists - more mailing lists