CVE-2022-49826

HIGH EPSS 8.4%
Published May 1, 20251y ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published May 1, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix double ata_host_put() in ata_tport_add() In the error path in ata_tport_add(), when calling put_device(), ata_tport_release() is called, it will put the refcount of 'ap->host'. And then ata_host_put() is called again, the refcount is decreased to 0, ata_host_release() is called, all ports are freed and set to null. When unbinding the device after failure, ata_host_stop() is called to release the resources, it leads a null-ptr-deref(), because all the ports all freed and null. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 CPU: 7 PID: 18671 Comm: modprobe Kdump: loaded Tainted: G E 6.1.0-rc3+ #8 pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : ata_host_stop+0x3c/0x84 [libata] lr : release_nodes+0x64/0xd0 Call trace: ata_host_stop+0x3c/0x84 [libata] release_nodes+0x64/0xd0 devres_release_all+0xbc/0x1b0 device_unbind_cleanup+0x20/0x70 really_probe+0x158/0x320 __driver_probe_device+0x84/0x120 driver_probe_device+0x44/0x120 __driver_attach+0xb4/0x220 bus_for_each_dev+0x78/0xdc driver_attach+0x2c/0x40 bus_add_driver+0x184/0x240 driver_register+0x80/0x13c __pci_register_driver+0x4c/0x60 ahci_pci_driver_init+0x30/0x1000 [ahci] Fix this by removing redundant ata_host_put() in the error path.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
8.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-415

Affected Products 9

VendorProductVersionRange
linuxlinux_kernel*≥4.17  –  <4.19.267
linuxlinux_kernel*≥4.20  –  <5.4.225
linuxlinux_kernel*≥5.5  –  <5.10.156
linuxlinux_kernel*≥5.11  –  <5.15.80
linuxlinux_kernel*≥5.16  –  <6.0.10
linuxlinux_kernel6.1any
linuxlinux_kernel6.1any
linuxlinux_kernel6.1any
linuxlinux_kernel6.1any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/30e12e2be27ac6c4be2af4163c70db381364706f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/377ff82c33c0cb74562a353361b64b33c09562cf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/865a6da40ba092c18292ae5f6194756131293745
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8c76310740807ade5ecdab5888f70ecb6d35732e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ac471468f7c16cda2525909946ca13ddbcd14000
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bec9ded5404cb14e5f5470103d0973a2ff83d6a5
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/30e12e2be27ac6c4be2af4163c70db381364706f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/377ff82c33c0cb74562a353361b64b33c09562cf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/865a6da40ba092c18292ae5f6194756131293745
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8c76310740807ade5ecdab5888f70ecb6d35732e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ac471468f7c16cda2525909946ca13ddbcd14000
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bec9ded5404cb14e5f5470103d0973a2ff83d6a5
    Patch