In the Linux kernel, the following vulnerability has been resolved:
cxl/region: Fix decoder allocation crash
When an intermediate port's decoders have been exhausted by existing regions, and creating a new region with the port in question in its hierarchical path is attempted, cxl_port_attach_region() fails to find a port decoder (as would be expected), and drops into the failure / cleanup path.
However, during cleanup of the region reference, a sanity check attempts to dereference the decoder, which in the above case does not exist (the decoder pointer is NULL). This causes a NULL pointer dereference BUG.
To fix this, refactor the decoder allocation and de-allocation into helper routines, and in this 'free' routine, check that the decoder, @cxld, is valid before attempting any operations on it.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49895.json",
"cna_assigner": "Linux"
}[
{
"target": {
"function": "cxl_port_attach_region",
"file": "drivers/cxl/core/region.c"
},
"id": "CVE-2022-49895-044150da",
"digest": {
"function_hash": "93708853728826153346124595603943224673",
"length": 2013.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@71ee71d7adcba648077997a29a91158d20c40b09",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"function": "free_region_ref",
"file": "drivers/cxl/core/region.c"
},
"id": "CVE-2022-49895-322c5d81",
"digest": {
"function_hash": "274247016068661165053481452882269806649",
"length": 407.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@71ee71d7adcba648077997a29a91158d20c40b09",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"function": "cxl_port_attach_region",
"file": "drivers/cxl/core/region.c"
},
"id": "CVE-2022-49895-41c8f0b6",
"digest": {
"function_hash": "93708853728826153346124595603943224673",
"length": 2013.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c6813b5610ac53af73edd87a660d23a0511faa47",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"file": "drivers/cxl/core/region.c"
},
"id": "CVE-2022-49895-7fac40c1",
"digest": {
"line_hashes": [
"282887509321290744467819541651263116981",
"257788235504663120323602932389217189912",
"124632813068898921689031298167814019611",
"57088514151104978111813866578680904520",
"192251388469351793691807266062513095078",
"64120615929996060439946740215708959694",
"141252521164182812256223738462439249348",
"81385303927313213234015128853998318200",
"215922610297395338403250798859901214161",
"75391494936924409770941724289379331824",
"188715679701858914174876474308806952357",
"29986446935859286801640405048913814172",
"66801399156575877839105606582177009821",
"53777275195802928619982148026538353484",
"135246627509207954239783831846918131809",
"126480484820191194728737964413233016501",
"306098714254346974025462577453671659882",
"173222317252836901465486701016145682384",
"313395436358252939921188092644020108866",
"217411070560544325816760292677518946081",
"302564319654590665989445001768876361928",
"225981714960860594943916628838737948332",
"117921204904499862469198390677269151172",
"159008482469408307843852444432679906979",
"195999899945232910771666826582784333012",
"249775824043597993009014608931306973455",
"90506633632306262569418723222843633565",
"181570203945446887791556139134058455193",
"104045355363125745590237685471896722591",
"225302266746188680480140677952024013359",
"169311850852437143427880989683911269871",
"311753784342271108973537205442456369747",
"4352135612537872774204815063584209757",
"136016552620488535792749218114501637592",
"176036032426640096515814733989198551881",
"289283132637592813776852506199694104986",
"179528762185133835237580038782665279737",
"267743811910157092077767035230499048806",
"261705191225320800864061647506872990583",
"232842191454522685124637879774540874651",
"295548990220617227035769773603607747136"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c6813b5610ac53af73edd87a660d23a0511faa47",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"target": {
"file": "drivers/cxl/core/region.c"
},
"id": "CVE-2022-49895-b14556cb",
"digest": {
"line_hashes": [
"282887509321290744467819541651263116981",
"257788235504663120323602932389217189912",
"124632813068898921689031298167814019611",
"57088514151104978111813866578680904520",
"192251388469351793691807266062513095078",
"64120615929996060439946740215708959694",
"141252521164182812256223738462439249348",
"81385303927313213234015128853998318200",
"215922610297395338403250798859901214161",
"75391494936924409770941724289379331824",
"188715679701858914174876474308806952357",
"29986446935859286801640405048913814172",
"66801399156575877839105606582177009821",
"53777275195802928619982148026538353484",
"135246627509207954239783831846918131809",
"126480484820191194728737964413233016501",
"306098714254346974025462577453671659882",
"173222317252836901465486701016145682384",
"313395436358252939921188092644020108866",
"217411070560544325816760292677518946081",
"302564319654590665989445001768876361928",
"225981714960860594943916628838737948332",
"117921204904499862469198390677269151172",
"159008482469408307843852444432679906979",
"195999899945232910771666826582784333012",
"249775824043597993009014608931306973455",
"90506633632306262569418723222843633565",
"181570203945446887791556139134058455193",
"104045355363125745590237685471896722591",
"225302266746188680480140677952024013359",
"169311850852437143427880989683911269871",
"311753784342271108973537205442456369747",
"4352135612537872774204815063584209757",
"136016552620488535792749218114501637592",
"176036032426640096515814733989198551881",
"289283132637592813776852506199694104986",
"179528762185133835237580038782665279737",
"267743811910157092077767035230499048806",
"261705191225320800864061647506872990583",
"232842191454522685124637879774540874651",
"295548990220617227035769773603607747136"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@71ee71d7adcba648077997a29a91158d20c40b09",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"target": {
"function": "free_region_ref",
"file": "drivers/cxl/core/region.c"
},
"id": "CVE-2022-49895-d947fe7c",
"digest": {
"function_hash": "274247016068661165053481452882269806649",
"length": 407.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c6813b5610ac53af73edd87a660d23a0511faa47",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49895.json"