CVE-2022-49295

Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 26/02/2025
Last modified: 01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

nbd: call genl_unregister_family() first in nbd_cleanup()

Otherwise there may be race between module removal and the handling of
netlink command, which can lead to the oops as shown below:

BUG: kernel NULL pointer dereference, address: 0000000000000098
Oops: 0002 [#1] SMP PTI
CPU: 1 PID: 31299 Comm: nbd-client Tainted: G E 5.14.0-rc4
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
RIP: 0010:down_write+0x1a/0x50
Call Trace:
start_creating+0x89/0x130
debugfs_create_dir+0x1b/0x130
nbd_start_device+0x13d/0x390 [nbd]
nbd_genl_connect+0x42f/0x748 [nbd]
genl_family_rcv_msg_doit.isra.0+0xec/0x150
genl_rcv_msg+0xe5/0x1e0
netlink_rcv_skb+0x55/0x100
genl_rcv+0x29/0x40
netlink_unicast+0x1a8/0x250
netlink_sendmsg+0x21b/0x430
____sys_sendmsg+0x2a4/0x2d0
___sys_sendmsg+0x81/0xc0
__sys_sendmsg+0x62/0xb0
__x64_sys_sendmsg+0x1f/0x30
do_syscall_64+0x3b/0xc0
entry_SYSCALL_64_after_hwframe+0x44/0xae
Modules linked in: nbd(E-)

Vulnerable products and versions

CPE                                            From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   -                  4.14.283 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   4.15 (including)   4.19.247 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   4.20 (including)   5.4.198 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.5 (including)    5.10.122 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.11 (including)   5.15.47 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.16 (including)   5.17.15 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.18 (including)   5.18.4 (excluding)
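
A check of a kernel release string against the upstream ranges in the table above, as an added example that is not part of the original advisory. The function names are illustrative. It assumes upstream version numbering: distribution kernels that backport the fix keep an older version string, so a match means "check the vendor advisory", not "confirmed vulnerable".

```python
import platform
import re
import sys

# Affected upstream ranges, copied from the table above as
# (from_inclusive, up_to_exclusive); None means no lower bound is listed.
AFFECTED_RANGES = [
    (None, (4, 14, 283)),
    ((4, 15, 0), (4, 19, 247)),
    ((4, 20, 0), (5, 4, 198)),
    ((5, 5, 0), (5, 10, 122)),
    ((5, 11, 0), (5, 15, 47)),
    ((5, 16, 0), (5, 17, 15)),
    ((5, 18, 0), (5, 18, 4)),
]


def parse_release(release):
    """Turn a `uname -r` style string into (major, minor, patch).

    Suffixes such as "-rc4" or "-generic" are ignored; a missing patch
    level counts as 0.
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def matching_range(release):
    """Return the (from, up_to) range containing the release, or None."""
    version = parse_release(release)
    for low, high in AFFECTED_RANGES:
        if (low is None or version >= low) and version < high:
            return (low, high)
    return None


if __name__ == "__main__":
    # Hypothetical usage: pass a release string, or default to this host's.
    release = sys.argv[1] if len(sys.argv) > 1 else platform.release()
    hit = matching_range(release)
    if hit:
        print(f"{release}: inside listed range {hit}; check vendor advisory")
    else:
        print(f"{release}: outside the listed upstream ranges")
```

The kernel in the oops above, 5.14.0-rc4, falls in the 5.11 to 5.15.47 range.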