| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091548-CVE-2022-50244-4e09@gregkh> Date: Mon, 15 Sep 2025 16:01:52 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50244: cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter() If device_register() fails in cxl_pci_afu|adapter(), the device is not added, device_unregister() can not be called in the error path, otherwise it will cause a null-ptr-deref because of removing not added device. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So split device_unregister() into device_del() and put_device(), then goes to put dev when register fails. The Linux kernel CVE team has assigned CVE-2022-50244 to this issue. Affected and fixed versions =========================== Issue introduced in 3.18 with commit f204e0b8cedd7da1dfcfd05ed6b7692737e24029 and fixed in 4.9.337 with commit 82e68432668ae75b4c814d160f6987ecb0681273 Issue introduced in 3.18 with commit f204e0b8cedd7da1dfcfd05ed6b7692737e24029 and fixed in 4.14.303 with commit 82e5481428faf11c79b9c094dd24a1849bbf64ac Issue introduced in 3.18 with commit f204e0b8cedd7da1dfcfd05ed6b7692737e24029 and fixed in 4.19.270 with commit c4b2e35df919d99bbbed033c2fa0b607f9f463b5 Issue introduced in 3.18 with commit f204e0b8cedd7da1dfcfd05ed6b7692737e24029 and fixed in 5.4.229 with commit 361412dae1690d4b5df6f92fc943cdc773c95cbc Issue introduced in 3.18 with commit f204e0b8cedd7da1dfcfd05ed6b7692737e24029 and fixed in 5.10.163 with commit 0f63c0ddc2ea20d783d29243f4dbe0f9e95dfdec Issue introduced in 3.18 with commit f204e0b8cedd7da1dfcfd05ed6b7692737e24029 and fixed in 5.15.86 with commit 22511eefa61db26e12c97dd7ada3071dbdfcb004 Issue introduced in 3.18 with commit f204e0b8cedd7da1dfcfd05ed6b7692737e24029 and fixed in 6.0.16 with commit 139abd4c626a6f7ce02789ed5f73aa2256e0542b Issue introduced in 3.18 with commit f204e0b8cedd7da1dfcfd05ed6b7692737e24029 and fixed in 6.1.2 with commit 2f5fd31b2f24b9b8a80ab566fd8c4e1e94cb4339 Issue introduced in 3.18 with commit f204e0b8cedd7da1dfcfd05ed6b7692737e24029 and fixed in 6.2 with commit 02cd3032b154fa02fdf90e7467abaeed889330b2 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50244 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/misc/cxl/pci.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/82e68432668ae75b4c814d160f6987ecb0681273 https://git.kernel.org/stable/c/82e5481428faf11c79b9c094dd24a1849bbf64ac https://git.kernel.org/stable/c/c4b2e35df919d99bbbed033c2fa0b607f9f463b5 https://git.kernel.org/stable/c/361412dae1690d4b5df6f92fc943cdc773c95cbc https://git.kernel.org/stable/c/0f63c0ddc2ea20d783d29243f4dbe0f9e95dfdec https://git.kernel.org/stable/c/22511eefa61db26e12c97dd7ada3071dbdfcb004 https://git.kernel.org/stable/c/139abd4c626a6f7ce02789ed5f73aa2256e0542b https://git.kernel.org/stable/c/2f5fd31b2f24b9b8a80ab566fd8c4e1e94cb4339 https://git.kernel.org/stable/c/02cd3032b154fa02fdf90e7467abaeed889330b2
Powered by blists - more mailing lists