| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025100439-CVE-2022-50481-3d22@gregkh> Date: Sat, 4 Oct 2025 17:16:40 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50481: cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter() If device_register() fails in cxl_register_afu|adapter(), the device is not added, device_unregister() can not be called in the error path, otherwise it will cause a null-ptr-deref because of removing not added device. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So split device_unregister() into device_del() and put_device(), then goes to put dev when register fails. The Linux kernel CVE team has assigned CVE-2022-50481 to this issue. Affected and fixed versions =========================== Issue introduced in 4.6 with commit 14baf4d9c739e6e69150512d2eb23c71fffcc192 and fixed in 4.9.337 with commit 96fba6fb95bdede80583c262ac185da09661f264 Issue introduced in 4.6 with commit 14baf4d9c739e6e69150512d2eb23c71fffcc192 and fixed in 4.14.303 with commit 1ae581696b7a799afa39a664c4b721569643f58a Issue introduced in 4.6 with commit 14baf4d9c739e6e69150512d2eb23c71fffcc192 and fixed in 4.19.270 with commit d775a1da5a52b4f4bb02f2707ba420d1bec48dbb Issue introduced in 4.6 with commit 14baf4d9c739e6e69150512d2eb23c71fffcc192 and fixed in 5.4.229 with commit 60b2ed21a65f3f5318666ccd765c3507991370cf Issue introduced in 4.6 with commit 14baf4d9c739e6e69150512d2eb23c71fffcc192 and fixed in 5.10.163 with commit 170e8c2d2b61e15e7f7cfeded81bc1e959a15ed8 Issue introduced in 4.6 with commit 14baf4d9c739e6e69150512d2eb23c71fffcc192 and fixed in 5.15.86 with commit e5021bbf11b024cc65ea1e84c377df484183be4b Issue introduced in 4.6 with commit 14baf4d9c739e6e69150512d2eb23c71fffcc192 and fixed in 6.0.16 with commit b32559ee4e6667c5c3daf4ec5454c277d1f255d2 Issue introduced in 4.6 with commit 14baf4d9c739e6e69150512d2eb23c71fffcc192 and fixed in 6.1.2 with commit ab44c182353be101c3be9465e1d15d42130c53c4 Issue introduced in 4.6 with commit 14baf4d9c739e6e69150512d2eb23c71fffcc192 and fixed in 6.2 with commit 61c80d1c3833e196256fb060382db94f24d3d9a7 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50481 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/misc/cxl/guest.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/96fba6fb95bdede80583c262ac185da09661f264 https://git.kernel.org/stable/c/1ae581696b7a799afa39a664c4b721569643f58a https://git.kernel.org/stable/c/d775a1da5a52b4f4bb02f2707ba420d1bec48dbb https://git.kernel.org/stable/c/60b2ed21a65f3f5318666ccd765c3507991370cf https://git.kernel.org/stable/c/170e8c2d2b61e15e7f7cfeded81bc1e959a15ed8 https://git.kernel.org/stable/c/e5021bbf11b024cc65ea1e84c377df484183be4b https://git.kernel.org/stable/c/b32559ee4e6667c5c3daf4ec5454c277d1f255d2 https://git.kernel.org/stable/c/ab44c182353be101c3be9465e1d15d42130c53c4 https://git.kernel.org/stable/c/61c80d1c3833e196256fb060382db94f24d3d9a7
Powered by blists - more mailing lists