CVE-2022-49476
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
26/02/2025
Last modified:
17/03/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
mt76: mt7921: fix kernel crash at mt7921_pci_remove<br />
<br />
The crash log shown it is possible that mt7921_irq_handler is called while<br />
devm_free_irq is being handled so mt76_free_device need to be postponed<br />
until devm_free_irq is completed to solve the crash we free the mt76 device<br />
too early.<br />
<br />
[ 9299.339655] BUG: kernel NULL pointer dereference, address: 0000000000000008<br />
[ 9299.339705] #PF: supervisor read access in kernel mode<br />
[ 9299.339735] #PF: error_code(0x0000) - not-present page<br />
[ 9299.339768] PGD 0 P4D 0<br />
[ 9299.339786] Oops: 0000 [#1] SMP PTI<br />
[ 9299.339812] CPU: 1 PID: 1624 Comm: prepare-suspend Not tainted 5.15.14-1.fc32.qubes.x86_64 #1<br />
[ 9299.339863] Hardware name: Xen HVM domU, BIOS 4.14.3 01/20/2022<br />
[ 9299.339901] RIP: 0010:mt7921_irq_handler+0x1e/0x70 [mt7921e]<br />
[ 9299.340048] RSP: 0018:ffffa81b80c27cb0 EFLAGS: 00010082<br />
[ 9299.340081] RAX: 0000000000000000 RBX: ffff98a4cb752020 RCX: ffffffffa96211c5<br />
[ 9299.340123] RDX: 0000000000000000 RSI: 00000000000d4204 RDI: ffff98a4cb752020<br />
[ 9299.340165] RBP: ffff98a4c28a62a4 R08: ffff98a4c37a96c0 R09: 0000000080150011<br />
[ 9299.340207] R10: 0000000040000000 R11: 0000000000000000 R12: ffff98a4c4eaa080<br />
[ 9299.340249] R13: ffff98a4c28a6360 R14: ffff98a4cb752020 R15: ffff98a4c28a6228<br />
[ 9299.340297] FS: 00007260840d3740(0000) GS:ffff98a4ef700000(0000) knlGS:0000000000000000<br />
[ 9299.340345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br />
[ 9299.340383] CR2: 0000000000000008 CR3: 0000000004c56001 CR4: 0000000000770ee0<br />
[ 9299.340432] PKRU: 55555554<br />
[ 9299.340449] Call Trace:<br />
[ 9299.340467] <br />
[ 9299.340485] __free_irq+0x221/0x350<br />
[ 9299.340527] free_irq+0x30/0x70<br />
[ 9299.340553] devm_free_irq+0x55/0x80<br />
[ 9299.340579] mt7921_pci_remove+0x2f/0x40 [mt7921e]<br />
[ 9299.340616] pci_device_remove+0x3b/0xa0<br />
[ 9299.340651] __device_release_driver+0x17a/0x240<br />
[ 9299.340686] device_driver_detach+0x3c/0xa0<br />
[ 9299.340714] unbind_store+0x113/0x130<br />
[ 9299.340740] kernfs_fop_write_iter+0x124/0x1b0<br />
[ 9299.340775] new_sync_write+0x15c/0x1f0<br />
[ 9299.340806] vfs_write+0x1d2/0x270<br />
[ 9299.340831] ksys_write+0x67/0xe0<br />
[ 9299.340857] do_syscall_64+0x3b/0x90<br />
[ 9299.340887] entry_SYSCALL_64_after_hwframe+0x44/0xae
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.12 (including) | 5.17.14 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.18 (including) | 5.18.3 (excluding) |
To consult the complete list of CPE names with products and versions, see this page