CVE-2022-49285

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/02/2025
Last modified:
26/02/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iio: accel: mma8452: use the correct logic to get mma8452_data<br /> <br /> The original logic to get mma8452_data is wrong, the *dev point to<br /> the device belong to iio_dev. we can&amp;#39;t use this dev to find the<br /> correct i2c_client. The original logic happen to work because it<br /> finally use dev-&gt;driver_data to get iio_dev. Here use the API<br /> to_i2c_client() is wrong and make reader confuse. To correct the<br /> logic, it should be like this<br /> <br /> struct mma8452_data *data = iio_priv(dev_get_drvdata(dev));<br /> <br /> But after commit 8b7651f25962 ("iio: iio_device_alloc(): Remove<br /> unnecessary self drvdata"), the upper logic also can&amp;#39;t work.<br /> When try to show the avialable scale in userspace, will meet kernel<br /> dump, kernel handle NULL pointer dereference.<br /> <br /> So use dev_to_iio_dev() to correct the logic.<br /> <br /> Dual fixes tags as the second reflects when the bug was exposed, whilst<br /> the first reflects when the original bug was introduced.

Impact