NVD Vulnerability Detail

CVE-2022-49021

Summary	In the Linux kernel, the following vulnerability has been resolved: net: phy: fix null-ptr-deref while probe() failed I got a null-ptr-deref report as following when doing fault injection test: BUG: kernel NULL pointer dereference, address: 0000000000000058 Oops: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 PID: 253 Comm: 507-spi-dm9051 Tainted: G B N 6.1.0-rc3+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:klist_put+0x2d/0xd0 Call Trace: <TASK> klist_remove+0xf1/0x1c0 device_release_driver_internal+0x23e/0x2d0 bus_remove_device+0x1bd/0x240 device_del+0x357/0x770 phy_device_remove+0x11/0x30 mdiobus_unregister+0xa5/0x140 release_nodes+0x6a/0xa0 devres_release_all+0xf8/0x150 device_unbind_cleanup+0x19/0xd0 //probe path: phy_device_register() device_add() phy_connect phy_attach_direct() //set device driver probe() //it's failed, driver is not bound device_bind_driver() // probe failed, it's not called //remove path: phy_device_remove() device_del() device_release_driver_internal() __device_release_driver() //dev->drv is not NULL klist_remove() <- knode_driver is not added yet, cause null-ptr-deref In phy_attach_direct(), after setting the 'dev->driver', probe() fails, device_bind_driver() is not called, so the knode_driver->n_klist is not set, then it causes null-ptr-deref in __device_release_driver() while deleting device. Fix this by setting dev->driver to NULL in the error path in phy_attach_direct().
Publication Date	Oct. 22, 2024, 5:15 a.m.
Registration Date	Oct. 22, 2024, 12:01 p.m.
Last Update	Oct. 25, 2024, 3:44 a.m.

CVSS3.1 : MEDIUM
スコア	5.5
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	低
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	高

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel:6.1:rc2::::::
cpe:2.3:o:linux:linux_kernel:6.1:rc5::::::
cpe:2.3:o:linux:linux_kernel:6.1:rc1::::::
cpe:2.3:o:linux:linux_kernel:6.1:rc3::::::
cpe:2.3:o:linux:linux_kernel:6.1:rc4::::::
cpe:2.3:o:linux:linux_kernel:6.1:rc6::::::
cpe:2.3:o:linux:linux_kernel:6.1:rc7::::::
cpe:2.3:o:linux:linux_kernel::::::::	4.10			4.14.301
cpe:2.3:o:linux:linux_kernel::::::::	4.15			4.19.268
cpe:2.3:o:linux:linux_kernel::::::::	4.20			5.4.226
cpe:2.3:o:linux:linux_kernel::::::::	5.16			6.0.12
cpe:2.3:o:linux:linux_kernel::::::::	5.11			5.15.82
cpe:2.3:o:linux:linux_kernel::::::::	5.5			5.10.158
cpe:2.3:o:linux:linux_kernel::::::::	2.6.14			4.9.335

Related information, measures and tools

No	URL	タグ
1	https://git.kernel.org/stable/c/8aaafe0f71314f46a066382a047ba8bb3840d273	Patch
2	https://git.kernel.org/stable/c/51d7f6b20fae8bae64ad1136f1e30d1fd5ba78f7	Patch
3	https://git.kernel.org/stable/c/0744c7be4de564db03e24527b2e096b7e0e20972	Patch
4	https://git.kernel.org/stable/c/3e21f85d87c836462bb52ef2078ea561260935c1	Patch
5	https://git.kernel.org/stable/c/fe6bc99c27c21348f548966118867ed26a9a372c	Patch
6	https://git.kernel.org/stable/c/7730904f50c7187dd16c76949efb56b5fb55cd57	Patch
7	https://git.kernel.org/stable/c/eaa5722549ac2604ffa56c2e946acc83226f130c	Patch
8	https://git.kernel.org/stable/c/369eb2c9f1f72adbe91e0ea8efb130f0a2ba11a6	Patch

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-476	NULL ポインタデリファレンス	https://cwe.mitre.org/data/definitions/476.html

JVN Vulnerability Information

Linux の Linux Kernel における NULL ポインタデリファレンスに関する脆弱性

Title	Linux の Linux Kernel における NULL ポインタデリファレンスに関する脆弱性
Summary	Linux の Linux Kernel には、NULL ポインタデリファレンスに関する脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Nov. 27, 2022, midnight
Registration Date	Oct. 25, 2024, 3:28 p.m.
Last Update	Oct. 25, 2024, 3:28 p.m.

Affected System

Linux

Linux Kernel 2.6.14 以上 4.9.335 未満

Linux Kernel 4.10 以上 4.14.301 未満

Linux Kernel 4.15 以上 4.19.268 未満

Linux Kernel 4.20 以上 5.4.226 未満

Linux Kernel 5.11 以上 5.15.82 未満

Linux Kernel 5.16 以上 6.0.12 未満

Linux Kernel 5.5 以上 5.10.158 未満

Linux Kernel 6.1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2022-49021	https://www.cve.org/CVERecord?id=CVE-2022-49021
National Vulnerability Database (NVD)
2	CVE-2022-49021	https://nvd.nist.gov/vuln/detail/CVE-2022-49021

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-476	http://cwe.mitre.org/data/definitions/476.html

ベンダー情報

No	Name	URL
Kernel.org git repositories
1	net: phy: fix null-ptr-deref while probe() failed (0744c7b)	https://git.kernel.org/stable/c/0744c7be4de564db03e24527b2e096b7e0e20972
2	net: phy: fix null-ptr-deref while probe() failed (369eb2c)	https://git.kernel.org/stable/c/369eb2c9f1f72adbe91e0ea8efb130f0a2ba11a6
3	net: phy: fix null-ptr-deref while probe() failed (3e21f85)	https://git.kernel.org/stable/c/3e21f85d87c836462bb52ef2078ea561260935c1
4	net: phy: fix null-ptr-deref while probe() failed (51d7f6b)	https://git.kernel.org/stable/c/51d7f6b20fae8bae64ad1136f1e30d1fd5ba78f7
5	net: phy: fix null-ptr-deref while probe() failed (7730904)	https://git.kernel.org/stable/c/7730904f50c7187dd16c76949efb56b5fb55cd57
6	net: phy: fix null-ptr-deref while probe() failed (8aaafe0)	https://git.kernel.org/stable/c/8aaafe0f71314f46a066382a047ba8bb3840d273
7	net: phy: fix null-ptr-deref while probe() failed (eaa5722)	https://git.kernel.org/stable/c/eaa5722549ac2604ffa56c2e946acc83226f130c
8	net: phy: fix null-ptr-deref while probe() failed (fe6bc99)	https://git.kernel.org/stable/c/fe6bc99c27c21348f548966118867ed26a9a372c
Linux Kernel
9	Linux Kernel Archives	https://www.kernel.org

Change Log

No	Changed Details	Date of change
1	[2024年10月25日] 掲載	Oct. 25, 2024, 9:54 a.m.