CVE-2022-49895

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49895
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49895.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-49895
Downstream
Published
2025-05-01T14:10:37Z
Modified
2025-10-15T00:13:28.457482Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
cxl/region: Fix decoder allocation crash
Details

In the Linux kernel, the following vulnerability has been resolved:

cxl/region: Fix decoder allocation crash

When an intermediate port's decoders have been exhausted by existing regions, and creating a new region with the port in question in it's hierarchical path is attempted, cxlportattach_region() fails to find a port decoder (as would be expected), and drops into the failure / cleanup path.

However, during cleanup of the region reference, a sanity check attempts to dereference the decoder, which in the above case didn't exist. This causes a NULL pointer dereference BUG.

To fix this, refactor the decoder allocation and de-allocation into helper routines, and in this 'free' routine, check that the decoder, @cxld, is valid before attempting any operations on it.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
384e624bb211b406db40edc900bb51af8bb267d0
Fixed
c6813b5610ac53af73edd87a660d23a0511faa47
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
384e624bb211b406db40edc900bb51af8bb267d0
Fixed
71ee71d7adcba648077997a29a91158d20c40b09

Affected versions

v5.*

v5.19
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.1-rc1

Database specific

{
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "drivers/cxl/core/region.c",
                "function": "cxl_port_attach_region"
            },
            "signature_version": "v1",
            "digest": {
                "length": 2013.0,
                "function_hash": "93708853728826153346124595603943224673"
            },
            "id": "CVE-2022-49895-044150da",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@71ee71d7adcba648077997a29a91158d20c40b09"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "drivers/cxl/core/region.c",
                "function": "free_region_ref"
            },
            "signature_version": "v1",
            "digest": {
                "length": 407.0,
                "function_hash": "274247016068661165053481452882269806649"
            },
            "id": "CVE-2022-49895-322c5d81",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@71ee71d7adcba648077997a29a91158d20c40b09"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "drivers/cxl/core/region.c",
                "function": "cxl_port_attach_region"
            },
            "signature_version": "v1",
            "digest": {
                "length": 2013.0,
                "function_hash": "93708853728826153346124595603943224673"
            },
            "id": "CVE-2022-49895-41c8f0b6",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c6813b5610ac53af73edd87a660d23a0511faa47"
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "drivers/cxl/core/region.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "282887509321290744467819541651263116981",
                    "257788235504663120323602932389217189912",
                    "124632813068898921689031298167814019611",
                    "57088514151104978111813866578680904520",
                    "192251388469351793691807266062513095078",
                    "64120615929996060439946740215708959694",
                    "141252521164182812256223738462439249348",
                    "81385303927313213234015128853998318200",
                    "215922610297395338403250798859901214161",
                    "75391494936924409770941724289379331824",
                    "188715679701858914174876474308806952357",
                    "29986446935859286801640405048913814172",
                    "66801399156575877839105606582177009821",
                    "53777275195802928619982148026538353484",
                    "135246627509207954239783831846918131809",
                    "126480484820191194728737964413233016501",
                    "306098714254346974025462577453671659882",
                    "173222317252836901465486701016145682384",
                    "313395436358252939921188092644020108866",
                    "217411070560544325816760292677518946081",
                    "302564319654590665989445001768876361928",
                    "225981714960860594943916628838737948332",
                    "117921204904499862469198390677269151172",
                    "159008482469408307843852444432679906979",
                    "195999899945232910771666826582784333012",
                    "249775824043597993009014608931306973455",
                    "90506633632306262569418723222843633565",
                    "181570203945446887791556139134058455193",
                    "104045355363125745590237685471896722591",
                    "225302266746188680480140677952024013359",
                    "169311850852437143427880989683911269871",
                    "311753784342271108973537205442456369747",
                    "4352135612537872774204815063584209757",
                    "136016552620488535792749218114501637592",
                    "176036032426640096515814733989198551881",
                    "289283132637592813776852506199694104986",
                    "179528762185133835237580038782665279737",
                    "267743811910157092077767035230499048806",
                    "261705191225320800864061647506872990583",
                    "232842191454522685124637879774540874651",
                    "295548990220617227035769773603607747136"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2022-49895-7fac40c1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c6813b5610ac53af73edd87a660d23a0511faa47"
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "drivers/cxl/core/region.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "282887509321290744467819541651263116981",
                    "257788235504663120323602932389217189912",
                    "124632813068898921689031298167814019611",
                    "57088514151104978111813866578680904520",
                    "192251388469351793691807266062513095078",
                    "64120615929996060439946740215708959694",
                    "141252521164182812256223738462439249348",
                    "81385303927313213234015128853998318200",
                    "215922610297395338403250798859901214161",
                    "75391494936924409770941724289379331824",
                    "188715679701858914174876474308806952357",
                    "29986446935859286801640405048913814172",
                    "66801399156575877839105606582177009821",
                    "53777275195802928619982148026538353484",
                    "135246627509207954239783831846918131809",
                    "126480484820191194728737964413233016501",
                    "306098714254346974025462577453671659882",
                    "173222317252836901465486701016145682384",
                    "313395436358252939921188092644020108866",
                    "217411070560544325816760292677518946081",
                    "302564319654590665989445001768876361928",
                    "225981714960860594943916628838737948332",
                    "117921204904499862469198390677269151172",
                    "159008482469408307843852444432679906979",
                    "195999899945232910771666826582784333012",
                    "249775824043597993009014608931306973455",
                    "90506633632306262569418723222843633565",
                    "181570203945446887791556139134058455193",
                    "104045355363125745590237685471896722591",
                    "225302266746188680480140677952024013359",
                    "169311850852437143427880989683911269871",
                    "311753784342271108973537205442456369747",
                    "4352135612537872774204815063584209757",
                    "136016552620488535792749218114501637592",
                    "176036032426640096515814733989198551881",
                    "289283132637592813776852506199694104986",
                    "179528762185133835237580038782665279737",
                    "267743811910157092077767035230499048806",
                    "261705191225320800864061647506872990583",
                    "232842191454522685124637879774540874651",
                    "295548990220617227035769773603607747136"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2022-49895-b14556cb",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@71ee71d7adcba648077997a29a91158d20c40b09"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "drivers/cxl/core/region.c",
                "function": "free_region_ref"
            },
            "signature_version": "v1",
            "digest": {
                "length": 407.0,
                "function_hash": "274247016068661165053481452882269806649"
            },
            "id": "CVE-2022-49895-d947fe7c",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c6813b5610ac53af73edd87a660d23a0511faa47"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.0.8