CVE-2022-49476

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49476
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49476.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-49476
Related
Published
2025-02-26T07:01:23Z
Modified
2025-03-17T16:08:07Z
Downstream
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

mt76: mt7921: fix kernel crash at mt7921_pci_remove

The crash log shows it is possible that mt7921_irq_handler is called while devm_free_irq is being handled, so mt76_free_device needs to be postponed until devm_free_irq is completed to solve the crash: we free the mt76 device too early.

[ 9299.339655] BUG: kernel NULL pointer dereference, address: 0000000000000008
[ 9299.339705] #PF: supervisor read access in kernel mode
[ 9299.339735] #PF: error_code(0x0000) - not-present page
[ 9299.339768] PGD 0 P4D 0
[ 9299.339786] Oops: 0000 [#1] SMP PTI
[ 9299.339812] CPU: 1 PID: 1624 Comm: prepare-suspend Not tainted 5.15.14-1.fc32.qubes.x86_64 #1
[ 9299.339863] Hardware name: Xen HVM domU, BIOS 4.14.3 01/20/2022
[ 9299.339901] RIP: 0010:mt7921_irq_handler+0x1e/0x70 [mt7921e]
[ 9299.340048] RSP: 0018:ffffa81b80c27cb0 EFLAGS: 00010082
[ 9299.340081] RAX: 0000000000000000 RBX: ffff98a4cb752020 RCX: ffffffffa96211c5
[ 9299.340123] RDX: 0000000000000000 RSI: 00000000000d4204 RDI: ffff98a4cb752020
[ 9299.340165] RBP: ffff98a4c28a62a4 R08: ffff98a4c37a96c0 R09: 0000000080150011
[ 9299.340207] R10: 0000000040000000 R11: 0000000000000000 R12: ffff98a4c4eaa080
[ 9299.340249] R13: ffff98a4c28a6360 R14: ffff98a4cb752020 R15: ffff98a4c28a6228
[ 9299.340297] FS: 00007260840d3740(0000) GS:ffff98a4ef700000(0000) knlGS:0000000000000000
[ 9299.340345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 9299.340383] CR2: 0000000000000008 CR3: 0000000004c56001 CR4: 0000000000770ee0
[ 9299.340432] PKRU: 55555554
[ 9299.340449] Call Trace:
[ 9299.340467] <TASK>
[ 9299.340485] __free_irq+0x221/0x350
[ 9299.340527] free_irq+0x30/0x70
[ 9299.340553] devm_free_irq+0x55/0x80
[ 9299.340579] mt7921_pci_remove+0x2f/0x40 [mt7921e]
[ 9299.340616] pci_device_remove+0x3b/0xa0
[ 9299.340651] __device_release_driver+0x17a/0x240
[ 9299.340686] device_driver_detach+0x3c/0xa0
[ 9299.340714] unbind_store+0x113/0x130
[ 9299.340740] kernfs_fop_write_iter+0x124/0x1b0
[ 9299.340775] new_sync_write+0x15c/0x1f0
[ 9299.340806] vfs_write+0x1d2/0x270
[ 9299.340831] ksys_write+0x67/0xe0
[ 9299.340857] do_syscall_64+0x3b/0x90
[ 9299.340887] entry_SYSCALL_64_after_hwframe+0x44/0xae

References

Affected packages

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.18.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.18.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}