CVE-2022-49568

Severity (CVSS v4.0): Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 26/02/2025
Last modified: 01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

KVM: Don't null dereference ops->destroy

A KVM device cleanup happens in either of two callbacks:
1) destroy() which is called when the VM is being destroyed;
2) release() which is called when a device fd is closed.

Most KVM devices use 1) but Book3s's interrupt controller KVM devices (XICS, XIVE, XIVE-native) use 2) as they need to close and reopen during the machine execution. The error handling in kvm_ioctl_create_device() assumes destroy() is always defined which leads to NULL dereference as discovered by Syzkaller.

This adds a check for destroy!=NULL and adds a missing release().

This is not changing kvm_destroy_devices() as devices with defined release() should have been removed from the KVM devices list by then.
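The bug class described above (an optional ops callback assumed to be mandatory on an error path) is easy to reproduce in a small model. The following is an added example written for this page, not kernel code and not the upstream fix: it sketches an ops table with the two cleanup callbacks the description names, a create path whose fd installation step can be forced to fail, the vulnerable shape that calls ops->destroy unconditionally, and a hardened shape that runs release() when it is defined and destroy() only when it is non-NULL. All names (kvm_device_ops, install_device_fd, create_device_vulnerable, create_device_fixed, the "vm-lifetime" and "fd-lifetime" ops tables) and the simplification that each device defines exactly one cleanup callback which frees the device are this example's assumptions.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model (added example, not kernel code) of the cleanup contract
 * the advisory describes: a device defines destroy(), run when the VM is torn
 * down, or release(), run when the device fd is closed. In this model the
 * callback that runs owns freeing the device. */
struct kvm_device;

struct kvm_device_ops {
    const char *name;
    void (*destroy)(struct kvm_device *dev);  /* NULL for fd-lifetime devices */
    void (*release)(struct kvm_device *dev);  /* NULL for VM-lifetime devices */
};

struct kvm_device {
    const struct kvm_device_ops *ops;
};

/* Counters so a caller can observe which cleanup ran (test instrumentation). */
static int destroy_calls, release_calls;

static void vm_lifetime_destroy(struct kvm_device *dev) { destroy_calls++; free(dev); }
static void fd_lifetime_release(struct kvm_device *dev) { release_calls++; free(dev); }

/* Stands in for the step that hands the device to an fd; the caller flips
 * this flag to exercise the error path. */
static int fd_install_should_fail;

static int install_device_fd(struct kvm_device *dev)
{
    (void)dev;
    return fd_install_should_fail ? -1 : 3;  /* 3: first free fd in a toy process */
}

/* Vulnerable shape of the error path: destroy() is assumed to exist. With a
 * release()-only ops table (the XICS/XIVE case) this dereferences NULL,
 * which is the crash the description attributes to Syzkaller. */
static int create_device_vulnerable(const struct kvm_device_ops *ops)
{
    struct kvm_device *dev = calloc(1, sizeof *dev);
    if (!dev)
        return -1;
    dev->ops = ops;
    int fd = install_device_fd(dev);
    if (fd < 0) {
        ops->destroy(dev);  /* no NULL check */
        return fd;
    }
    return fd;  /* ownership of dev passes to the fd */
}

/* Hardened shape: run whichever cleanup the device actually defines. The
 * exact ordering and the final fallback are this example's choices. */
static int create_device_fixed(const struct kvm_device_ops *ops)
{
    struct kvm_device *dev = calloc(1, sizeof *dev);
    if (!dev)
        return -1;
    dev->ops = ops;
    int fd = install_device_fd(dev);
    if (fd < 0) {
        if (ops->release)
            ops->release(dev);   /* fd-lifetime devices: the call that was missing */
        else if (ops->destroy)
            ops->destroy(dev);   /* VM-lifetime devices: only when defined */
        else
            free(dev);           /* neither defined: nothing else owns dev */
        return fd;
    }
    return fd;
}

/* Runs one failing create through the fixed path and reports which cleanup
 * ran: 'D' destroy, 'R' release, '-' neither or both, '?' if it did not fail. */
static char run_failing_create(const struct kvm_device_ops *ops)
{
    destroy_calls = release_calls = 0;
    fd_install_should_fail = 1;
    int fd = create_device_fixed(ops);
    fd_install_should_fail = 0;
    if (fd >= 0)
        return '?';
    if (destroy_calls == 1 && release_calls == 0)
        return 'D';
    if (release_calls == 1 && destroy_calls == 0)
        return 'R';
    return '-';
}

/* Two hypothetical device types: one per cleanup style from the description. */
static const struct kvm_device_ops vm_lifetime_ops = { "vm-lifetime", vm_lifetime_destroy, NULL };
static const struct kvm_device_ops fd_lifetime_ops = { "fd-lifetime (xics-like)", NULL, fd_lifetime_release };

int main(void)
{
    printf("%s, create fails: cleanup=%c\n", vm_lifetime_ops.name, run_failing_create(&vm_lifetime_ops));
    printf("%s, create fails: cleanup=%c\n", fd_lifetime_ops.name, run_failing_create(&fd_lifetime_ops));
    /* create_device_vulnerable(&fd_lifetime_ops) with fd_install_should_fail set
     * would dereference NULL here; deliberately not called. */
    return 0;
}
```

The practitioner's check this models: whenever an ops table documents a callback as optional, grep every error path that invokes it, not just the normal teardown path. The vulnerable function is only safe for the device type whose callback happens to be set; the hardened one makes the error path correct for both kinds of device the description lists.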

Vulnerable products and versions

CPE                                                From                 Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       -                    5.4.210 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       5.5 (including)      5.10.134 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       5.11 (including)     5.15.58 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*       5.16 (including)     5.18.15 (excluding)
cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*  (exact version)      -