In the Linux kernel, the following vulnerability has been resolved:
cxl/region: Fix region HPA ordering validation
Some regions may not have any address space allocated. Skip them when
validating HPA order otherwise a crash like the following may result:
devm_cxl_add_region: cxl_acpi cxl_acpi.0: decoder3.4: created region9
BUG: kernel NULL pointer dereference, address: 0000000000000000
[..]
RIP: 0010:store_targetN+0x655/0x1740 [cxl_core]
[..]
Call Trace:
<TASK>
kernfs_fop_write_iter+0x144/0x200
vfs_write+0x24a/0x4d0
ksys_write+0x69/0xf0
do_syscall_64+0x3a/0x90
store_targetN+0x655/0x1740:
alloc_region_ref at drivers/cxl/core/region.c:676
(inlined by) cxl_port_attach_region at drivers/cxl/core/region.c:850
(inlined by) cxl_region_attach at drivers/cxl/core/region.c:1290
(inlined by) attach_target at drivers/cxl/core/region.c:1410
(inlined by) store_targetN at drivers/cxl/core/region.c:1453
References
Configurations
Configuration 1 (hide)
|
History
07 May 2025, 13:19
Type | Values Removed | Values Added |
---|---|---|
References | () https://git.kernel.org/stable/c/12316b9f7c18138ae656050cfd716728e27b7e2f - Patch | |
References | () https://git.kernel.org/stable/c/a90accb358ae33ea982a35595573f7a045993f8b - Patch | |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:* |
|
First Time |
Linux linux Kernel
Linux |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
CWE | CWE-476 |
02 May 2025, 13:52
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
01 May 2025, 15:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-05-01 15:16
Updated : 2025-05-07 13:19
NVD link : CVE-2022-49894
Mitre link : CVE-2022-49894
CVE.ORG link : CVE-2022-49894
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-476
NULL Pointer Dereference