Bug 2348194 (CVE-2022-49731) - CVE-2022-49731 kernel: ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
Summary: CVE-2022-49731 kernel: ata: libata-core: fix NULL pointer deref in ata_host_a...
Keywords:
Status: NEW
Alias: CVE-2022-49731
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-02-26 03:20 UTC by OSIDB Bzimport
Modified: 2025-03-20 13:43 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-02-26 03:20:53 UTC 
In the Linux kernel, the following vulnerability has been resolved:

ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()

In an unlikely (and probably wrong?) case that the 'ppi' parameter of
ata_host_alloc_pinfo() points to an array starting with a NULL pointer,
there's going to be a kernel oops as the 'pi' local variable won't get
reassigned from the initial value of NULL. Initialize 'pi' instead to
'&ata_dummy_port_info' to fix the possible kernel oops for good...

Found by Linux Verification Center (linuxtesting.org) with the SVACE static
analysis tool.
Comment 1 Avinash Hanwate 2025-02-26 19:36:40 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022634-CVE-2022-49731-c7ba@gregkh/T
Comment 4 Avinash Hanwate 2025-02-27 16:13:44 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022634-CVE-2022-49731-c7ba@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.