CVE-2022-48750

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> hwmon: (nct6775) Fix crash in clear_caseopen<br /> <br /> Paweł Marciniak reports the following crash, observed when clearing<br /> the chassis intrusion alarm.<br /> <br /> BUG: kernel NULL pointer dereference, address: 0000000000000028<br /> PGD 0 P4D 0<br /> Oops: 0000 [#1] PREEMPT SMP PTI<br /> CPU: 3 PID: 4815 Comm: bash Tainted: G S 5.16.2-200.fc35.x86_64 #1<br /> Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./Z97 Extreme4, BIOS P2.60A 05/03/2018<br /> RIP: 0010:clear_caseopen+0x5a/0x120 [nct6775]<br /> Code: 68 70 e8 e9 32 b1 e3 85 c0 0f 85 d2 00 00 00 48 83 7c 24 ...<br /> RSP: 0018:ffffabcb02803dd8 EFLAGS: 00010246<br /> RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000<br /> RDX: ffff8e8808192880 RSI: 0000000000000000 RDI: ffff8e87c7509a68<br /> RBP: 0000000000000000 R08: 0000000000000001 R09: 000000000000000a<br /> R10: 000000000000000a R11: f000000000000000 R12: 000000000000001f<br /> R13: ffff8e87c7509828 R14: ffff8e87c7509a68 R15: ffff8e88494527a0<br /> FS: 00007f4db9151740(0000) GS:ffff8e8ebfec0000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 0000000000000028 CR3: 0000000166b66001 CR4: 00000000001706e0<br /> Call Trace:<br /> <br /> kernfs_fop_write_iter+0x11c/0x1b0<br /> new_sync_write+0x10b/0x180<br /> vfs_write+0x209/0x2a0<br /> ksys_write+0x4f/0xc0<br /> do_syscall_64+0x3b/0x90<br /> entry_SYSCALL_64_after_hwframe+0x44/0xae<br /> <br /> The problem is that the device passed to clear_caseopen() is the hwmon<br /> device, not the platform device, and the platform data is not set in the<br /> hwmon device. Store the pointer to sio_data in struct nct6775_data and<br /> get if from there if needed.