Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-49826

In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix double ata_host_put() in ata_tport_add() In the error path in ata_tport_add(), when calling put_device(), ata_tport_release() is called, it will put the refcount of 'ap->host'. And then ata_host_put() is called again, the refcount is decreased to 0, ata_host_release() is called, all ports are freed and set to null. When unbinding the device after failure, ata_host_stop() is called to release the resources, it leads a null-ptr-deref(), because all the ports all freed and null. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 CPU: 7 PID: 18671 Comm: modprobe Kdump: loaded Tainted: G E 6.1.0-rc3+ #8 pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : ata_host_stop+0x3c/0x84 [libata] lr : release_nodes+0x64/0xd0 Call trace: ata_host_stop+0x3c/0x84 [libata] release_nodes+0x64/0xd0 devres_release_all+0xbc/0x1b0 device_unbind_cleanup+0x20/0x70 really_probe+0x158/0x320 __driver_probe_device+0x84/0x120 driver_probe_device+0x44/0x120 __driver_attach+0xb4/0x220 bus_for_each_dev+0x78/0xdc driver_attach+0x2c/0x40 bus_add_driver+0x184/0x240 driver_register+0x80/0x13c __pci_register_driver+0x4c/0x60 ahci_pci_driver_init+0x30/0x1000 [ahci] Fix this by removing redundant ata_host_put() in the error path.

Published

2025-05-01T15:16:06.043

Last Modified

2025-11-10T20:15:47.177

Status

Analyzed

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Primary
CWE-415

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 4.19.267	Yes
Operating System	linux	linux_kernel	< 5.4.225	Yes
Operating System	linux	linux_kernel	< 5.10.156	Yes
Operating System	linux	linux_kernel	< 5.15.80	Yes
Operating System	linux	linux_kernel	< 6.0.10	Yes
Operating System	linux	linux_kernel	6.1	Yes
Operating System	linux	linux_kernel	6.1	Yes
Operating System	linux	linux_kernel	6.1	Yes
Operating System	linux	linux_kernel	6.1	Yes

References

https://git.kernel.org/stable/c/30e12e2be27ac6c4be2af4163c70db381364706f Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/377ff82c33c0cb74562a353361b64b33c09562cf Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/865a6da40ba092c18292ae5f6194756131293745 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/8c76310740807ade5ecdab5888f70ecb6d35732e Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/ac471468f7c16cda2525909946ca13ddbcd14000 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/bec9ded5404cb14e5f5470103d0973a2ff83d6a5 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)