In the Linux kernel, the following vulnerability has been resolved:
cxl/region: Fix decoder allocation crash
When an intermediate port's decoders have been exhausted by existing regions, and creating a new region with the port in question in it's hierarchical path is attempted, cxlportattach_region() fails to find a port decoder (as would be expected), and drops into the failure / cleanup path.
However, during cleanup of the region reference, a sanity check attempts to dereference the decoder, which in the above case didn't exist. This causes a NULL pointer dereference BUG.
To fix this, refactor the decoder allocation and de-allocation into helper routines, and in this 'free' routine, check that the decoder, @cxld, is valid before attempting any operations on it.
{ "vanir_signatures": [ { "deprecated": false, "signature_type": "Function", "target": { "file": "drivers/cxl/core/region.c", "function": "cxl_port_attach_region" }, "signature_version": "v1", "digest": { "length": 2013.0, "function_hash": "93708853728826153346124595603943224673" }, "id": "CVE-2022-49895-044150da", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@71ee71d7adcba648077997a29a91158d20c40b09" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "drivers/cxl/core/region.c", "function": "free_region_ref" }, "signature_version": "v1", "digest": { "length": 407.0, "function_hash": "274247016068661165053481452882269806649" }, "id": "CVE-2022-49895-322c5d81", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@71ee71d7adcba648077997a29a91158d20c40b09" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "drivers/cxl/core/region.c", "function": "cxl_port_attach_region" }, "signature_version": "v1", "digest": { "length": 2013.0, "function_hash": "93708853728826153346124595603943224673" }, "id": "CVE-2022-49895-41c8f0b6", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c6813b5610ac53af73edd87a660d23a0511faa47" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "drivers/cxl/core/region.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "282887509321290744467819541651263116981", "257788235504663120323602932389217189912", "124632813068898921689031298167814019611", "57088514151104978111813866578680904520", "192251388469351793691807266062513095078", "64120615929996060439946740215708959694", "141252521164182812256223738462439249348", "81385303927313213234015128853998318200", "215922610297395338403250798859901214161", "75391494936924409770941724289379331824", "188715679701858914174876474308806952357", "29986446935859286801640405048913814172", "66801399156575877839105606582177009821", "53777275195802928619982148026538353484", "135246627509207954239783831846918131809", "126480484820191194728737964413233016501", "306098714254346974025462577453671659882", "173222317252836901465486701016145682384", "313395436358252939921188092644020108866", "217411070560544325816760292677518946081", "302564319654590665989445001768876361928", "225981714960860594943916628838737948332", "117921204904499862469198390677269151172", "159008482469408307843852444432679906979", "195999899945232910771666826582784333012", "249775824043597993009014608931306973455", "90506633632306262569418723222843633565", "181570203945446887791556139134058455193", "104045355363125745590237685471896722591", "225302266746188680480140677952024013359", "169311850852437143427880989683911269871", "311753784342271108973537205442456369747", "4352135612537872774204815063584209757", "136016552620488535792749218114501637592", "176036032426640096515814733989198551881", "289283132637592813776852506199694104986", "179528762185133835237580038782665279737", "267743811910157092077767035230499048806", "261705191225320800864061647506872990583", "232842191454522685124637879774540874651", "295548990220617227035769773603607747136" ], "threshold": 0.9 }, "id": "CVE-2022-49895-7fac40c1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c6813b5610ac53af73edd87a660d23a0511faa47" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "drivers/cxl/core/region.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "282887509321290744467819541651263116981", "257788235504663120323602932389217189912", "124632813068898921689031298167814019611", "57088514151104978111813866578680904520", "192251388469351793691807266062513095078", "64120615929996060439946740215708959694", "141252521164182812256223738462439249348", "81385303927313213234015128853998318200", "215922610297395338403250798859901214161", "75391494936924409770941724289379331824", "188715679701858914174876474308806952357", "29986446935859286801640405048913814172", "66801399156575877839105606582177009821", "53777275195802928619982148026538353484", "135246627509207954239783831846918131809", "126480484820191194728737964413233016501", "306098714254346974025462577453671659882", "173222317252836901465486701016145682384", "313395436358252939921188092644020108866", "217411070560544325816760292677518946081", "302564319654590665989445001768876361928", "225981714960860594943916628838737948332", "117921204904499862469198390677269151172", "159008482469408307843852444432679906979", "195999899945232910771666826582784333012", "249775824043597993009014608931306973455", "90506633632306262569418723222843633565", "181570203945446887791556139134058455193", "104045355363125745590237685471896722591", "225302266746188680480140677952024013359", "169311850852437143427880989683911269871", "311753784342271108973537205442456369747", "4352135612537872774204815063584209757", "136016552620488535792749218114501637592", "176036032426640096515814733989198551881", "289283132637592813776852506199694104986", "179528762185133835237580038782665279737", "267743811910157092077767035230499048806", "261705191225320800864061647506872990583", "232842191454522685124637879774540874651", "295548990220617227035769773603607747136" ], "threshold": 0.9 }, "id": "CVE-2022-49895-b14556cb", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@71ee71d7adcba648077997a29a91158d20c40b09" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "drivers/cxl/core/region.c", "function": "free_region_ref" }, "signature_version": "v1", "digest": { "length": 407.0, "function_hash": "274247016068661165053481452882269806649" }, "id": "CVE-2022-49895-d947fe7c", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c6813b5610ac53af73edd87a660d23a0511faa47" } ] }