CVE-2022-49731

MEDIUM EPSS 18.4%
Published Feb 26, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Feb 26, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() In an unlikely (and probably wrong?) case that the 'ppi' parameter of ata_host_alloc_pinfo() points to an array starting with a NULL pointer, there's going to be a kernel oops as the 'pi' local variable won't get reassigned from the initial value of NULL. Initialize 'pi' instead to '&ata_dummy_port_info' to fix the possible kernel oops for good... Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
18.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 8

VendorProductVersionRange
linuxlinux_kernel* <4.9.320
linuxlinux_kernel*≥4.10  –  <4.14.285
linuxlinux_kernel*≥4.15  –  <4.19.249
linuxlinux_kernel*≥4.20  –  <5.4.200
linuxlinux_kernel*≥5.5  –  <5.10.124
linuxlinux_kernel*≥5.11  –  <5.15.49
linuxlinux_kernel*≥5.16  –  <5.18.6
linuxlinux_kernel5.19any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/07cbdb4807d369fbda73062a91b570c4dc5ec429
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1ac5efee33f29e704226506d429b84575a5d66f8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/253334f84c81bc6a43af489f108c0bddad989eef
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/36cd19e7d4e5571d77a2ed20c5b6ef50cf57734a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a810bd5af06977a847d1f202b22d7defd5c62497
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bf476fe22aa1851bab4728e0c49025a6a0bea307
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ca4693e6e06e4fd2b240c0fec47aa2498c94848e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ff128fbea720bf763fa345680dda5f050bc24a47
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/07cbdb4807d369fbda73062a91b570c4dc5ec429
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1ac5efee33f29e704226506d429b84575a5d66f8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/253334f84c81bc6a43af489f108c0bddad989eef
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/36cd19e7d4e5571d77a2ed20c5b6ef50cf57734a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a810bd5af06977a847d1f202b22d7defd5c62497
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bf476fe22aa1851bab4728e0c49025a6a0bea307
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ca4693e6e06e4fd2b240c0fec47aa2498c94848e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ff128fbea720bf763fa345680dda5f050bc24a47
    Patch