CVE-2022-49376

In the Linux kernel, the following vulnerability has been resolved: scsi: sd: Fix potential NULL pointer dereference If sd_probe() sees an early error before sdkp->device is initialized, sd_zbc_release_disk() is called. This causes a NULL pointer dereference when sd_is_zoned() is called inside that function. Avoid this by removing the call to sd_zbc_release_disk() in sd_probe() error path. This change is safe and does not result in zone information memory leakage because the zone information for a zoned disk is allocated only when sd_revalidate_disk() is called, at which point sdkp->disk_dev is fully set, resulting in sd_disk_release() being called when needed to cleanup a disk zone information using sd_zbc_release_disk().

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/05fbde3a77a4f1d62e4c4428f384288c1f1a0be5	Patch
https://git.kernel.org/stable/c/0fcb0b131cc90c8f523a293d84c58d0c7273c96f	Patch
https://git.kernel.org/stable/c/3733439593ad12f7b54ae35c273ea6f15d692de3	Patch
https://git.kernel.org/stable/c/78f8e96df06e2d04d82d4071c299b59d28744f47	Patch
https://git.kernel.org/stable/c/c1f0187025905e9981000d44a92e159468b561a8	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

14 Apr 2025, 20:37

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-476
References	~~() https://git.kernel.org/stable/c/05fbde3a77a4f1d62e4c4428f384288c1f1a0be5 -~~	() https://git.kernel.org/stable/c/05fbde3a77a4f1d62e4c4428f384288c1f1a0be5 - Patch
References	~~() https://git.kernel.org/stable/c/0fcb0b131cc90c8f523a293d84c58d0c7273c96f -~~	() https://git.kernel.org/stable/c/0fcb0b131cc90c8f523a293d84c58d0c7273c96f - Patch
References	~~() https://git.kernel.org/stable/c/3733439593ad12f7b54ae35c273ea6f15d692de3 -~~	() https://git.kernel.org/stable/c/3733439593ad12f7b54ae35c273ea6f15d692de3 - Patch
References	~~() https://git.kernel.org/stable/c/78f8e96df06e2d04d82d4071c299b59d28744f47 -~~	() https://git.kernel.org/stable/c/78f8e96df06e2d04d82d4071c299b59d28744f47 - Patch
References	~~() https://git.kernel.org/stable/c/c1f0187025905e9981000d44a92e159468b561a8 -~~	() https://git.kernel.org/stable/c/c1f0187025905e9981000d44a92e159468b561a8 - Patch
First Time		Linux linux Kernel Linux
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: sd: Se corrige una posible desreferencia de puntero NULL Si sd_probe() detecta un error temprano antes de que se inicialice sdkp->device, se llama a sd_zbc_release_disk(). Esto provoca una desreferencia de puntero NULL cuando se llama a sd_is_zoned() dentro de esa función. Evite esto eliminando la llamada a sd_zbc_release_disk() en la ruta de error de sd_probe(). Este cambio es seguro y no da como resultado una pérdida de memoria de información de zona porque la información de zona para un disco zonificado se asigna solo cuando se llama a sd_revalidate_disk(), momento en el que sdkp->disk_dev está completamente configurado, lo que da como resultado que se llame a sd_disk_release() cuando sea necesario para limpiar la información de zona de un disco mediante sd_zbc_release_disk().

26 Feb 2025, 07:01

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-26 07:01

Updated : 2025-04-14 20:37

NVD link : CVE-2022-49376

Mitre link : CVE-2022-49376

CVE.ORG link : CVE-2022-49376

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10