CVE-2022-50282

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> chardev: fix error handling in cdev_device_add()<br /> <br /> While doing fault injection test, I got the following report:<br /> <br /> ------------[ cut here ]------------<br /> kobject: &amp;#39;(null)&amp;#39; (0000000039956980): is not initialized, yet kobject_put() is being called.<br /> WARNING: CPU: 3 PID: 6306 at kobject_put+0x23d/0x4e0<br /> CPU: 3 PID: 6306 Comm: 283 Tainted: G W 6.1.0-rc2-00005-g307c1086d7c9 #1253<br /> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014<br /> RIP: 0010:kobject_put+0x23d/0x4e0<br /> Call Trace:<br /> <br /> cdev_device_add+0x15e/0x1b0<br /> __iio_device_register+0x13b4/0x1af0 [industrialio]<br /> __devm_iio_device_register+0x22/0x90 [industrialio]<br /> max517_probe+0x3d8/0x6b4 [max517]<br /> i2c_device_probe+0xa81/0xc00<br /> <br /> When device_add() is injected fault and returns error, if dev-&gt;devt is not set,<br /> cdev_add() is not called, cdev_del() is not needed. Fix this by checking dev-&gt;devt<br /> in error path.