CVE-2022-49826

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ata: libata-transport: fix double ata_host_put() in ata_tport_add()<br /> <br /> In the error path in ata_tport_add(), when calling put_device(),<br /> ata_tport_release() is called, it will put the refcount of &amp;#39;ap-&gt;host&amp;#39;.<br /> <br /> And then ata_host_put() is called again, the refcount is decreased<br /> to 0, ata_host_release() is called, all ports are freed and set to<br /> null.<br /> <br /> When unbinding the device after failure, ata_host_stop() is called<br /> to release the resources, it leads a null-ptr-deref(), because all<br /> the ports all freed and null.<br /> <br /> Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008<br /> CPU: 7 PID: 18671 Comm: modprobe Kdump: loaded Tainted: G E 6.1.0-rc3+ #8<br /> pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br /> pc : ata_host_stop+0x3c/0x84 [libata]<br /> lr : release_nodes+0x64/0xd0<br /> Call trace:<br /> ata_host_stop+0x3c/0x84 [libata]<br /> release_nodes+0x64/0xd0<br /> devres_release_all+0xbc/0x1b0<br /> device_unbind_cleanup+0x20/0x70<br /> really_probe+0x158/0x320<br /> __driver_probe_device+0x84/0x120<br /> driver_probe_device+0x44/0x120<br /> __driver_attach+0xb4/0x220<br /> bus_for_each_dev+0x78/0xdc<br /> driver_attach+0x2c/0x40<br /> bus_add_driver+0x184/0x240<br /> driver_register+0x80/0x13c<br /> __pci_register_driver+0x4c/0x60<br /> ahci_pci_driver_init+0x30/0x1000 [ahci]<br /> <br /> Fix this by removing redundant ata_host_put() in the error path.