CVE-2022-49329
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49329
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49329.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-49329
- Downstream
- Related
- Published
- 2025-02-26T02:10:50Z
- Modified
- 2025-10-21T09:57:11.202402Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- vduse: Fix NULL pointer dereference on sysfs access
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
vduse: Fix NULL pointer dereference on sysfs access
The control device has no drvdata. So we will get a NULL pointer dereference when accessing control device's msg_timeout attribute via sysfs:
[ 132.841881][ T3644] BUG: kernel NULL pointer dereference, address: 00000000000000f8 [ 132.850619][ T3644] RIP: 0010:msgtimeoutshow (drivers/vdpa/vdpauser/vdusedev.c:1271) [ 132.869447][ T3644] devattrshow (drivers/base/core.c:2094) [ 132.870215][ T3644] sysfskfseqshow (fs/sysfs/file.c:59) [ 132.871164][ T3644] ? deviceremovebinfile (drivers/base/core.c:2088) [ 132.872082][ T3644] kernfsseqshow (fs/kernfs/file.c:164) [ 132.872838][ T3644] seqreaditer (fs/seqfile.c:230) [ 132.873578][ T3644] ? _vmallocareanode (mm/vmalloc.c:3041) [ 132.874532][ T3644] kernfsfopreaditer (fs/kernfs/file.c:238) [ 132.875513][ T3644] _kernelread (fs/readwrite.c:440 (discriminator 1)) [ 132.876319][ T3644] kernelread (fs/readwrite.c:459) [ 132.877129][ T3644] kernelreadfile (fs/kernelreadfile.c:94) [ 132.877978][ T3644] kernelreadfilefromfd (include/linux/file.h:45 fs/kernelreadfile.c:186) [ 132.879019][ T3644] _dosysfinitmodule (kernel/module.c:4207) [ 132.879930][ T3644] _ia32sysfinitmodule (kernel/module.c:4189) [ 132.880930][ T3644] doint80syscall32 (arch/x86/entry/common.c:112 arch/x86/entry/common.c:132) [ 132.881847][ T3644] entryINT80compat (arch/x86/entry/entry64_compat.S:419)
To fix it, don't create the unneeded attribute for control device anymore.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/30fd1b56621e187346f65d01fe34870634b15188
- https://git.kernel.org/stable/c/3a7a81f4835dfda11f39fdd27586da14331896eb
- https://git.kernel.org/stable/c/b22fdee17ec62604060fb0fda5e1414b634666e1
- https://git.kernel.org/stable/c/b27ee76c74dc831d6e092eaebc2dfc9c0beed1c9
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc8a6153b6c59d95c0e091f053f6f180952ade91eFixed3a7a81f4835dfda11f39fdd27586da14331896eb
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc8a6153b6c59d95c0e091f053f6f180952ade91eFixed30fd1b56621e187346f65d01fe34870634b15188
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc8a6153b6c59d95c0e091f053f6f180952ade91eFixedb22fdee17ec62604060fb0fda5e1414b634666e1
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc8a6153b6c59d95c0e091f053f6f180952ade91eFixedb27ee76c74dc831d6e092eaebc2dfc9c0beed1c9
Affected versions
v5.*
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.17.1
v5.17.10
v5.17.11
v5.17.12
v5.17.13
v5.17.14
v5.17.2
v5.17.3
v5.17.4
v5.17.5
v5.17.6
v5.17.7
v5.17.8
v5.17.9
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.18.1
v5.18.2
v5.18.3
v5.19-rc1
Database specific
vanir_signatures
[
{
"digest": {
"length": 1478.0,
"function_hash": "290145314286353659593954130668564034283"
},
"target": {
"file": "drivers/vdpa/vdpa_user/vduse_dev.c",
"function": "vduse_init"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b27ee76c74dc831d6e092eaebc2dfc9c0beed1c9",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2022-49329-27e9335a"
},
{
"digest": {
"line_hashes": [
"308844990922144810540136786217731286244",
"78727592968156024335127733845888685698",
"72165925716683476579993904346711336066",
"56902607507050464517566403065162929004",
"162676882754512384092902894130947820532",
"294841942702738696017636762448040431342",
"45546948161044185987065317789267131454",
"260217540697997907909538840598832455513",
"287587848873968936502686898212551705269",
"332779723074194184247295101518813446089"
],
"threshold": 0.9
},
"target": {
"file": "drivers/vdpa/vdpa_user/vduse_dev.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@30fd1b56621e187346f65d01fe34870634b15188",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2022-49329-395a8aac"
},
{
"digest": {
"line_hashes": [
"308844990922144810540136786217731286244",
"78727592968156024335127733845888685698",
"72165925716683476579993904346711336066",
"56902607507050464517566403065162929004",
"162676882754512384092902894130947820532",
"294841942702738696017636762448040431342",
"45546948161044185987065317789267131454",
"260217540697997907909538840598832455513",
"287587848873968936502686898212551705269",
"332779723074194184247295101518813446089"
],
"threshold": 0.9
},
"target": {
"file": "drivers/vdpa/vdpa_user/vduse_dev.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3a7a81f4835dfda11f39fdd27586da14331896eb",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2022-49329-595cd1dc"
},
{
"digest": {
"length": 1478.0,
"function_hash": "290145314286353659593954130668564034283"
},
"target": {
"file": "drivers/vdpa/vdpa_user/vduse_dev.c",
"function": "vduse_init"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@30fd1b56621e187346f65d01fe34870634b15188",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2022-49329-6440e414"
},
{
"digest": {
"length": 1478.0,
"function_hash": "290145314286353659593954130668564034283"
},
"target": {
"file": "drivers/vdpa/vdpa_user/vduse_dev.c",
"function": "vduse_init"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b22fdee17ec62604060fb0fda5e1414b634666e1",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2022-49329-84d3e835"
},
{
"digest": {
"line_hashes": [
"308844990922144810540136786217731286244",
"78727592968156024335127733845888685698",
"72165925716683476579993904346711336066",
"56902607507050464517566403065162929004",
"162676882754512384092902894130947820532",
"294841942702738696017636762448040431342",
"45546948161044185987065317789267131454",
"260217540697997907909538840598832455513",
"287587848873968936502686898212551705269",
"332779723074194184247295101518813446089"
],
"threshold": 0.9
},
"target": {
"file": "drivers/vdpa/vdpa_user/vduse_dev.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b27ee76c74dc831d6e092eaebc2dfc9c0beed1c9",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2022-49329-9ea3f9ce"
},
{
"digest": {
"length": 1786.0,
"function_hash": "175360515707290529667927770489706962425"
},
"target": {
"file": "drivers/vdpa/vdpa_user/vduse_dev.c",
"function": "vduse_create_dev"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b22fdee17ec62604060fb0fda5e1414b634666e1",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2022-49329-b4ba33be"
},
{
"digest": {
"length": 1786.0,
"function_hash": "175360515707290529667927770489706962425"
},
"target": {
"file": "drivers/vdpa/vdpa_user/vduse_dev.c",
"function": "vduse_create_dev"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b27ee76c74dc831d6e092eaebc2dfc9c0beed1c9",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2022-49329-c3376a25"
},
{
"digest": {
"length": 1786.0,
"function_hash": "175360515707290529667927770489706962425"
},
"target": {
"file": "drivers/vdpa/vdpa_user/vduse_dev.c",
"function": "vduse_create_dev"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@30fd1b56621e187346f65d01fe34870634b15188",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2022-49329-d77b56dd"
},
{
"digest": {
"length": 1478.0,
"function_hash": "290145314286353659593954130668564034283"
},
"target": {
"file": "drivers/vdpa/vdpa_user/vduse_dev.c",
"function": "vduse_init"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3a7a81f4835dfda11f39fdd27586da14331896eb",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2022-49329-e40b0de7"
},
{
"digest": {
"line_hashes": [
"308844990922144810540136786217731286244",
"78727592968156024335127733845888685698",
"72165925716683476579993904346711336066",
"56902607507050464517566403065162929004",
"162676882754512384092902894130947820532",
"294841942702738696017636762448040431342",
"45546948161044185987065317789267131454",
"260217540697997907909538840598832455513",
"287587848873968936502686898212551705269",
"332779723074194184247295101518813446089"
],
"threshold": 0.9
},
"target": {
"file": "drivers/vdpa/vdpa_user/vduse_dev.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b22fdee17ec62604060fb0fda5e1414b634666e1",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2022-49329-ed4dc48b"
},
{
"digest": {
"length": 1807.0,
"function_hash": "297240032096273043901541188826951697652"
},
"target": {
"file": "drivers/vdpa/vdpa_user/vduse_dev.c",
"function": "vduse_create_dev"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3a7a81f4835dfda11f39fdd27586da14331896eb",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2022-49329-ff764a2c"
}
]