CVE-2022-50473

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> cpufreq: Init completion before kobject_init_and_add()<br /> <br /> In cpufreq_policy_alloc(), it will call uninitialed completion in<br /> cpufreq_sysfs_release() when kobject_init_and_add() fails. And<br /> that will cause a crash such as the following page fault in complete:<br /> <br /> BUG: unable to handle page fault for address: fffffffffffffff8<br /> [..]<br /> RIP: 0010:complete+0x98/0x1f0<br /> [..]<br /> Call Trace:<br /> kobject_put+0x1be/0x4c0<br /> cpufreq_online.cold+0xee/0x1fd<br /> cpufreq_add_dev+0x183/0x1e0<br /> subsys_interface_register+0x3f5/0x4e0<br /> cpufreq_register_driver+0x3b7/0x670<br /> acpi_cpufreq_init+0x56c/0x1000 [acpi_cpufreq]<br /> do_one_initcall+0x13d/0x780<br /> do_init_module+0x1c3/0x630<br /> load_module+0x6e67/0x73b0<br /> __do_sys_finit_module+0x181/0x240<br /> do_syscall_64+0x35/0x80<br /> entry_SYSCALL_64_after_hwframe+0x63/0xcd