CVE-2022-49824
In the Linux kernel, the following vulnerability has been resolved:
ata: libata-transport: fix error handling in ata_tlink_add()
In ata_tlink_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, because transport_remove_device() is called to remove the device that was not added.
Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 CPU: 33 PID: 13850 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #12 pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : device_del+0x48/0x39c lr : device_del+0x44/0x39c Call trace: device_del+0x48/0x39c attribute_container_class_device_del+0x28/0x40 transport_remove_classdev+0x60/0x7c attribute_container_device_trigger+0x118/0x120 transport_remove_device+0x20/0x30 ata_tlink_delete+0x88/0xb0 [libata] ata_tport_delete+0x2c/0x60 [libata] ata_port_detach+0x148/0x1b0 [libata] ata_pci_remove_one+0x50/0x80 [libata] ahci_remove_one+0x4c/0x8c [ahci]
Fix this by checking and handling return value of transport_add_device() in ata_tlink_add().
| Software | From | Fixed in |
|---|---|---|
| linux / linux_kernel | 2.6.37 | 5.10.156 |
| linux / linux_kernel | 5.11 | 5.15.80 |
| linux / linux_kernel | 5.16 | 6.0.10 |
| linux / linux_kernel | 6.1-rc1 | 6.1-rc1.x |
| linux / linux_kernel | 6.1-rc2 | 6.1-rc2.x |
| linux / linux_kernel | 6.1-rc3 | 6.1-rc3.x |
| linux / linux_kernel | 6.1-rc4 | 6.1-rc4.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime