Google Git
Sign in
kernel / pub / scm / linux / security / vulns / refs/heads/sasha-vulnerable / . / cve / published / 2022 / CVE-2022-49826.json
blob: 393867edad6138e610449541eada6c4ce4085a90 [file] [log] [blame]
{
"containers": {
"cna": {
"providerMetadata": {
"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
},
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-transport: fix double ata_host_put() in ata_tport_add()\n\nIn the error path in ata_tport_add(), when calling put_device(),\nata_tport_release() is called, it will put the refcount of 'ap->host'.\n\nAnd then ata_host_put() is called again, the refcount is decreased\nto 0, ata_host_release() is called, all ports are freed and set to\nnull.\n\nWhen unbinding the device after failure, ata_host_stop() is called\nto release the resources, it leads a null-ptr-deref(), because all\nthe ports all freed and null.\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000008\nCPU: 7 PID: 18671 Comm: modprobe Kdump: loaded Tainted: G E 6.1.0-rc3+ #8\npstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : ata_host_stop+0x3c/0x84 [libata]\nlr : release_nodes+0x64/0xd0\nCall trace:\n ata_host_stop+0x3c/0x84 [libata]\n release_nodes+0x64/0xd0\n devres_release_all+0xbc/0x1b0\n device_unbind_cleanup+0x20/0x70\n really_probe+0x158/0x320\n __driver_probe_device+0x84/0x120\n driver_probe_device+0x44/0x120\n __driver_attach+0xb4/0x220\n bus_for_each_dev+0x78/0xdc\n driver_attach+0x2c/0x40\n bus_add_driver+0x184/0x240\n driver_register+0x80/0x13c\n __pci_register_driver+0x4c/0x60\n ahci_pci_driver_init+0x30/0x1000 [ahci]\n\nFix this by removing redundant ata_host_put() in the error path."
}
],
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/ata/libata-transport.c"
],
"versions": [
{
"version": "2623c7a5f2799569d8bb05eb211da524a8144cb3",
"lessThan": "30e12e2be27ac6c4be2af4163c70db381364706f",
"status": "affected",
"versionType": "git"
},
{
"version": "2623c7a5f2799569d8bb05eb211da524a8144cb3",
"lessThan": "bec9ded5404cb14e5f5470103d0973a2ff83d6a5",
"status": "affected",
"versionType": "git"
},
{
"version": "2623c7a5f2799569d8bb05eb211da524a8144cb3",
"lessThan": "ac471468f7c16cda2525909946ca13ddbcd14000",
"status": "affected",
"versionType": "git"
},
{
"version": "2623c7a5f2799569d8bb05eb211da524a8144cb3",
"lessThan": "377ff82c33c0cb74562a353361b64b33c09562cf",
"status": "affected",
"versionType": "git"
},
{
"version": "2623c7a5f2799569d8bb05eb211da524a8144cb3",
"lessThan": "865a6da40ba092c18292ae5f6194756131293745",
"status": "affected",
"versionType": "git"
},
{
"version": "2623c7a5f2799569d8bb05eb211da524a8144cb3",
"lessThan": "8c76310740807ade5ecdab5888f70ecb6d35732e",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/ata/libata-transport.c"
],
"versions": [
{
"version": "4.17",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.17",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.267",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.225",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.156",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.80",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.0.10",
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.17",
"versionEndExcluding": "4.19.267"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.17",
"versionEndExcluding": "5.4.225"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.17",
"versionEndExcluding": "5.10.156"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.17",
"versionEndExcluding": "5.15.80"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.17",
"versionEndExcluding": "6.0.10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.17",
"versionEndExcluding": "6.1"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/30e12e2be27ac6c4be2af4163c70db381364706f"
},
{
"url": "https://git.kernel.org/stable/c/bec9ded5404cb14e5f5470103d0973a2ff83d6a5"
},
{
"url": "https://git.kernel.org/stable/c/ac471468f7c16cda2525909946ca13ddbcd14000"
},
{
"url": "https://git.kernel.org/stable/c/377ff82c33c0cb74562a353361b64b33c09562cf"
},
{
"url": "https://git.kernel.org/stable/c/865a6da40ba092c18292ae5f6194756131293745"
},
{
"url": "https://git.kernel.org/stable/c/8c76310740807ade5ecdab5888f70ecb6d35732e"
}
],
"title": "ata: libata-transport: fix double ata_host_put() in ata_tport_add()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
"cveID": "CVE-2022-49826",
"requesterUserId": "gregkh@kernel.org",
"serial": "1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}