CVE-2022-49476

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
26/02/2025
Last modified:
17/03/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mt76: mt7921: fix kernel crash at mt7921_pci_remove<br /> <br /> The crash log shown it is possible that mt7921_irq_handler is called while<br /> devm_free_irq is being handled so mt76_free_device need to be postponed<br /> until devm_free_irq is completed to solve the crash we free the mt76 device<br /> too early.<br /> <br /> [ 9299.339655] BUG: kernel NULL pointer dereference, address: 0000000000000008<br /> [ 9299.339705] #PF: supervisor read access in kernel mode<br /> [ 9299.339735] #PF: error_code(0x0000) - not-present page<br /> [ 9299.339768] PGD 0 P4D 0<br /> [ 9299.339786] Oops: 0000 [#1] SMP PTI<br /> [ 9299.339812] CPU: 1 PID: 1624 Comm: prepare-suspend Not tainted 5.15.14-1.fc32.qubes.x86_64 #1<br /> [ 9299.339863] Hardware name: Xen HVM domU, BIOS 4.14.3 01/20/2022<br /> [ 9299.339901] RIP: 0010:mt7921_irq_handler+0x1e/0x70 [mt7921e]<br /> [ 9299.340048] RSP: 0018:ffffa81b80c27cb0 EFLAGS: 00010082<br /> [ 9299.340081] RAX: 0000000000000000 RBX: ffff98a4cb752020 RCX: ffffffffa96211c5<br /> [ 9299.340123] RDX: 0000000000000000 RSI: 00000000000d4204 RDI: ffff98a4cb752020<br /> [ 9299.340165] RBP: ffff98a4c28a62a4 R08: ffff98a4c37a96c0 R09: 0000000080150011<br /> [ 9299.340207] R10: 0000000040000000 R11: 0000000000000000 R12: ffff98a4c4eaa080<br /> [ 9299.340249] R13: ffff98a4c28a6360 R14: ffff98a4cb752020 R15: ffff98a4c28a6228<br /> [ 9299.340297] FS: 00007260840d3740(0000) GS:ffff98a4ef700000(0000) knlGS:0000000000000000<br /> [ 9299.340345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> [ 9299.340383] CR2: 0000000000000008 CR3: 0000000004c56001 CR4: 0000000000770ee0<br /> [ 9299.340432] PKRU: 55555554<br /> [ 9299.340449] Call Trace:<br /> [ 9299.340467] <br /> [ 9299.340485] __free_irq+0x221/0x350<br /> [ 9299.340527] free_irq+0x30/0x70<br /> [ 9299.340553] devm_free_irq+0x55/0x80<br /> [ 9299.340579] mt7921_pci_remove+0x2f/0x40 [mt7921e]<br /> [ 9299.340616] pci_device_remove+0x3b/0xa0<br /> [ 9299.340651] __device_release_driver+0x17a/0x240<br /> [ 9299.340686] device_driver_detach+0x3c/0xa0<br /> [ 9299.340714] unbind_store+0x113/0x130<br /> [ 9299.340740] kernfs_fop_write_iter+0x124/0x1b0<br /> [ 9299.340775] new_sync_write+0x15c/0x1f0<br /> [ 9299.340806] vfs_write+0x1d2/0x270<br /> [ 9299.340831] ksys_write+0x67/0xe0<br /> [ 9299.340857] do_syscall_64+0x3b/0x90<br /> [ 9299.340887] entry_SYSCALL_64_after_hwframe+0x44/0xae

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.12 (including) 5.17.14 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.18 (including) 5.18.3 (excluding)