CVE-2022-48918

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iwlwifi: mvm: check debugfs_dir ptr before use<br /> <br /> When "debugfs=off" is used on the kernel command line, iwiwifi&amp;#39;s<br /> mvm module uses an invalid/unchecked debugfs_dir pointer and causes<br /> a BUG:<br /> <br /> BUG: kernel NULL pointer dereference, address: 000000000000004f<br /> #PF: supervisor read access in kernel mode<br /> #PF: error_code(0x0000) - not-present page<br /> PGD 0 P4D 0<br /> Oops: 0000 [#1] PREEMPT SMP<br /> CPU: 1 PID: 503 Comm: modprobe Tainted: G W 5.17.0-rc5 #7<br /> Hardware name: Dell Inc. Inspiron 15 5510/076F7Y, BIOS 2.4.1 11/05/2021<br /> RIP: 0010:iwl_mvm_dbgfs_register+0x692/0x700 [iwlmvm]<br /> Code: 69 a0 be 80 01 00 00 48 c7 c7 50 73 6a a0 e8 95 cf ee e0 48 8b 83 b0 1e 00 00 48 c7 c2 54 73 6a a0 be 64 00 00 00 48 8d 7d 8c 8b 48 50 e8 15 22 07 e1 48 8b 43 28 48 8d 55 8c 48 c7 c7 5f 73<br /> RSP: 0018:ffffc90000a0ba68 EFLAGS: 00010246<br /> RAX: ffffffffffffffff RBX: ffff88817d6e3328 RCX: ffff88817d6e3328<br /> RDX: ffffffffa06a7354 RSI: 0000000000000064 RDI: ffffc90000a0ba6c<br /> RBP: ffffc90000a0bae0 R08: ffffffff824e4880 R09: ffffffffa069d620<br /> R10: ffffc90000a0ba00 R11: ffffffffffffffff R12: 0000000000000000<br /> R13: ffffc90000a0bb28 R14: ffff88817d6e3328 R15: ffff88817d6e3320<br /> FS: 00007f64dd92d740(0000) GS:ffff88847f640000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 000000000000004f CR3: 000000016fc79001 CR4: 0000000000770ee0<br /> PKRU: 55555554<br /> Call Trace:<br /> <br /> ? iwl_mvm_mac_setup_register+0xbdc/0xda0 [iwlmvm]<br /> iwl_mvm_start_post_nvm+0x71/0x100 [iwlmvm]<br /> iwl_op_mode_mvm_start+0xab8/0xb30 [iwlmvm]<br /> _iwl_op_mode_start+0x6f/0xd0 [iwlwifi]<br /> iwl_opmode_register+0x6a/0xe0 [iwlwifi]<br /> ? 0xffffffffa0231000<br /> iwl_mvm_init+0x35/0x1000 [iwlmvm]<br /> ? 0xffffffffa0231000<br /> do_one_initcall+0x5a/0x1b0<br /> ? kmem_cache_alloc+0x1e5/0x2f0<br /> ? do_init_module+0x1e/0x220<br /> do_init_module+0x48/0x220<br /> load_module+0x2602/0x2bc0<br /> ? __kernel_read+0x145/0x2e0<br /> ? kernel_read_file+0x229/0x290<br /> __do_sys_finit_module+0xc5/0x130<br /> ? __do_sys_finit_module+0xc5/0x130<br /> __x64_sys_finit_module+0x13/0x20<br /> do_syscall_64+0x38/0x90<br /> entry_SYSCALL_64_after_hwframe+0x44/0xae<br /> RIP: 0033:0x7f64dda564dd<br /> Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1b 29 0f 00 f7 d8 64 89 01 48<br /> RSP: 002b:00007ffdba393f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000139<br /> RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f64dda564dd<br /> RDX: 0000000000000000 RSI: 00005575399e2ab2 RDI: 0000000000000001<br /> RBP: 000055753a91c5e0 R08: 0000000000000000 R09: 0000000000000002<br /> R10: 0000000000000001 R11: 0000000000000246 R12: 00005575399e2ab2<br /> R13: 000055753a91ceb0 R14: 0000000000000000 R15: 000055753a923018<br /> <br /> Modules linked in: btintel(+) btmtk bluetooth vfat snd_hda_codec_hdmi fat snd_hda_codec_realtek snd_hda_codec_generic iwlmvm(+) snd_sof_pci_intel_tgl mac80211 snd_sof_intel_hda_common soundwire_intel soundwire_generic_allocation soundwire_cadence soundwire_bus snd_sof_intel_hda snd_sof_pci snd_sof snd_sof_xtensa_dsp snd_soc_hdac_hda snd_hda_ext_core snd_soc_acpi_intel_match snd_soc_acpi snd_soc_core btrfs snd_compress snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec raid6_pq iwlwifi snd_hda_core snd_pcm snd_timer snd soundcore cfg80211 intel_ish_ipc(+) thunderbolt rfkill intel_ishtp ucsi_acpi wmi i2c_hid_acpi i2c_hid evdev<br /> CR2: 000000000000004f<br /> ---[ end trace 0000000000000000 ]---<br /> <br /> Check the debugfs_dir pointer for an error before using it.<br /> <br /> [change to make both conditional]