Vulnerability Details CVE-2022-49895
In the Linux kernel, the following vulnerability has been resolved:
cxl/region: Fix decoder allocation crash
When an intermediate port's decoders have been exhausted by existing
regions, and creating a new region with the port in question in it's
hierarchical path is attempted, cxl_port_attach_region() fails to find a
port decoder (as would be expected), and drops into the failure / cleanup
path.
However, during cleanup of the region reference, a sanity check attempts
to dereference the decoder, which in the above case didn't exist. This
causes a NULL pointer dereference BUG.
To fix this, refactor the decoder allocation and de-allocation into
helper routines, and in this 'free' routine, check that the decoder,
@cxld, is valid before attempting any operations on it.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.7%
CVSS Severity
CVSS v3 Score 5.5
References
Products affected by CVE-2022-49895
-
cpe:2.3:o:linux:linux_kernel:6.0
-
cpe:2.3:o:linux:linux_kernel:6.0.1
-
cpe:2.3:o:linux:linux_kernel:6.0.2
-
cpe:2.3:o:linux:linux_kernel:6.0.3
-
cpe:2.3:o:linux:linux_kernel:6.0.4
-
cpe:2.3:o:linux:linux_kernel:6.0.5
-
cpe:2.3:o:linux:linux_kernel:6.0.6
-
cpe:2.3:o:linux:linux_kernel:6.0.7
-
cpe:2.3:o:linux:linux_kernel:6.1