CVE-2022-49895

Description

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix decoder allocation crash When an intermediate port's decoders have been exhausted by existing regions, and creating a new region with the port in question in it's hierarchical path is attempted, cxl_port_attach_region() fails to find a port decoder (as would be expected), and drops into the failure / cleanup path. However, during cleanup of the region reference, a sanity check attempts to dereference the decoder, which in the above case didn't exist. This causes a NULL pointer dereference BUG. To fix this, refactor the decoder allocation and de-allocation into helper routines, and in this 'free' routine, check that the decoder, @cxld, is valid before attempting any operations on it.

Reserved 2025-05-01 | Published 2025-05-01 | Updated 2025-05-04 | Assigner Linux

Product status

Default status
unaffected

384e624bb211b406db40edc900bb51af8bb267d0 before c6813b5610ac53af73edd87a660d23a0511faa47
affected

384e624bb211b406db40edc900bb51af8bb267d0 before 71ee71d7adcba648077997a29a91158d20c40b09
affected

Default status
affected

6.0
affected

Any version before 6.0
unaffected

6.0.8
unaffected

6.1
unaffected

References

git.kernel.org/...c/c6813b5610ac53af73edd87a660d23a0511faa47

git.kernel.org/...c/71ee71d7adcba648077997a29a91158d20c40b09

cve.org (CVE-2022-49895)

nvd.nist.gov (CVE-2022-49895)

Download JSON