CVE-2022-49895
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49895
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49895.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-49895
- Downstream
- Published
- 2025-05-01T14:10:37Z
- Modified
- 2025-10-15T00:13:28.457482Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- cxl/region: Fix decoder allocation crash
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
cxl/region: Fix decoder allocation crash
When an intermediate port's decoders have been exhausted by existing regions, and creating a new region with the port in question in it's hierarchical path is attempted, cxlportattach_region() fails to find a port decoder (as would be expected), and drops into the failure / cleanup path.
However, during cleanup of the region reference, a sanity check attempts to dereference the decoder, which in the above case didn't exist. This causes a NULL pointer dereference BUG.
To fix this, refactor the decoder allocation and de-allocation into helper routines, and in this 'free' routine, check that the decoder, @cxld, is valid before attempting any operations on it.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced384e624bb211b406db40edc900bb51af8bb267d0Fixedc6813b5610ac53af73edd87a660d23a0511faa47
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced384e624bb211b406db40edc900bb51af8bb267d0Fixed71ee71d7adcba648077997a29a91158d20c40b09
Affected versions
v5.*
v5.19
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.1-rc1
Database specific
{
"vanir_signatures": [
{
"signature_version": "v1",
"target": {
"function": "cxl_port_attach_region",
"file": "drivers/cxl/core/region.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@71ee71d7adcba648077997a29a91158d20c40b09",
"deprecated": false,
"digest": {
"length": 2013.0,
"function_hash": "93708853728826153346124595603943224673"
},
"id": "CVE-2022-49895-044150da"
},
{
"signature_version": "v1",
"target": {
"function": "free_region_ref",
"file": "drivers/cxl/core/region.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@71ee71d7adcba648077997a29a91158d20c40b09",
"deprecated": false,
"digest": {
"length": 407.0,
"function_hash": "274247016068661165053481452882269806649"
},
"id": "CVE-2022-49895-322c5d81"
},
{
"signature_version": "v1",
"target": {
"function": "cxl_port_attach_region",
"file": "drivers/cxl/core/region.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c6813b5610ac53af73edd87a660d23a0511faa47",
"deprecated": false,
"digest": {
"length": 2013.0,
"function_hash": "93708853728826153346124595603943224673"
},
"id": "CVE-2022-49895-41c8f0b6"
},
{
"signature_version": "v1",
"target": {
"file": "drivers/cxl/core/region.c"
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c6813b5610ac53af73edd87a660d23a0511faa47",
"deprecated": false,
"digest": {
"line_hashes": [
"282887509321290744467819541651263116981",
"257788235504663120323602932389217189912",
"124632813068898921689031298167814019611",
"57088514151104978111813866578680904520",
"192251388469351793691807266062513095078",
"64120615929996060439946740215708959694",
"141252521164182812256223738462439249348",
"81385303927313213234015128853998318200",
"215922610297395338403250798859901214161",
"75391494936924409770941724289379331824",
"188715679701858914174876474308806952357",
"29986446935859286801640405048913814172",
"66801399156575877839105606582177009821",
"53777275195802928619982148026538353484",
"135246627509207954239783831846918131809",
"126480484820191194728737964413233016501",
"306098714254346974025462577453671659882",
"173222317252836901465486701016145682384",
"313395436358252939921188092644020108866",
"217411070560544325816760292677518946081",
"302564319654590665989445001768876361928",
"225981714960860594943916628838737948332",
"117921204904499862469198390677269151172",
"159008482469408307843852444432679906979",
"195999899945232910771666826582784333012",
"249775824043597993009014608931306973455",
"90506633632306262569418723222843633565",
"181570203945446887791556139134058455193",
"104045355363125745590237685471896722591",
"225302266746188680480140677952024013359",
"169311850852437143427880989683911269871",
"311753784342271108973537205442456369747",
"4352135612537872774204815063584209757",
"136016552620488535792749218114501637592",
"176036032426640096515814733989198551881",
"289283132637592813776852506199694104986",
"179528762185133835237580038782665279737",
"267743811910157092077767035230499048806",
"261705191225320800864061647506872990583",
"232842191454522685124637879774540874651",
"295548990220617227035769773603607747136"
],
"threshold": 0.9
},
"id": "CVE-2022-49895-7fac40c1"
},
{
"signature_version": "v1",
"target": {
"file": "drivers/cxl/core/region.c"
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@71ee71d7adcba648077997a29a91158d20c40b09",
"deprecated": false,
"digest": {
"line_hashes": [
"282887509321290744467819541651263116981",
"257788235504663120323602932389217189912",
"124632813068898921689031298167814019611",
"57088514151104978111813866578680904520",
"192251388469351793691807266062513095078",
"64120615929996060439946740215708959694",
"141252521164182812256223738462439249348",
"81385303927313213234015128853998318200",
"215922610297395338403250798859901214161",
"75391494936924409770941724289379331824",
"188715679701858914174876474308806952357",
"29986446935859286801640405048913814172",
"66801399156575877839105606582177009821",
"53777275195802928619982148026538353484",
"135246627509207954239783831846918131809",
"126480484820191194728737964413233016501",
"306098714254346974025462577453671659882",
"173222317252836901465486701016145682384",
"313395436358252939921188092644020108866",
"217411070560544325816760292677518946081",
"302564319654590665989445001768876361928",
"225981714960860594943916628838737948332",
"117921204904499862469198390677269151172",
"159008482469408307843852444432679906979",
"195999899945232910771666826582784333012",
"249775824043597993009014608931306973455",
"90506633632306262569418723222843633565",
"181570203945446887791556139134058455193",
"104045355363125745590237685471896722591",
"225302266746188680480140677952024013359",
"169311850852437143427880989683911269871",
"311753784342271108973537205442456369747",
"4352135612537872774204815063584209757",
"136016552620488535792749218114501637592",
"176036032426640096515814733989198551881",
"289283132637592813776852506199694104986",
"179528762185133835237580038782665279737",
"267743811910157092077767035230499048806",
"261705191225320800864061647506872990583",
"232842191454522685124637879774540874651",
"295548990220617227035769773603607747136"
],
"threshold": 0.9
},
"id": "CVE-2022-49895-b14556cb"
},
{
"signature_version": "v1",
"target": {
"function": "free_region_ref",
"file": "drivers/cxl/core/region.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c6813b5610ac53af73edd87a660d23a0511faa47",
"deprecated": false,
"digest": {
"length": 407.0,
"function_hash": "274247016068661165053481452882269806649"
},
"id": "CVE-2022-49895-d947fe7c"
}
]
}