ghsa-9hwv-rwqx-f5cv
Vulnerability from github
Published
2025-03-17 18:31
Modified
2025-03-17 18:31
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags

In nvme_alloc_admin_tags, the admin_q can be set to an error (typically -ENOMEM) if the blk_mq_init_queue call fails to set up the queue, which is checked immediately after the call. However, when we return the error message up the stack, to nvme_reset_work the error takes us to nvme_remove_dead_ctrl() nvme_dev_disable() nvme_suspend_queue(&dev->queues[0]).

Here, we only check that the admin_q is non-NULL, rather than not an error or NULL, and begin quiescing a queue that never existed, leading to bad / NULL pointer dereference.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2022-49492"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:25Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags\n\nIn nvme_alloc_admin_tags, the admin_q can be set to an error (typically\n-ENOMEM) if the blk_mq_init_queue call fails to set up the queue, which\nis checked immediately after the call. However, when we return the error\nmessage up the stack, to nvme_reset_work the error takes us to\nnvme_remove_dead_ctrl()\n  nvme_dev_disable()\n   nvme_suspend_queue(\u0026dev-\u003equeues[0]).\n\nHere, we only check that the admin_q is non-NULL, rather than not\nan error or NULL, and begin quiescing a queue that never existed, leading\nto bad / NULL pointer dereference.",
  "id": "GHSA-9hwv-rwqx-f5cv",
  "modified": "2025-03-17T18:31:51Z",
  "published": "2025-03-17T18:31:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49492"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/54a4c1e47d1b2585e74920399455bd9abbfb2bd7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7a28556082d1fbcbc599baf1c24252dfc73efefc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8321b17789f614414206af07e17ce4751c95dc76"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8da2b7bdb47e94bbc4062a3978c708926bcb022c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/906c81dba8ee8057523859b5e1a2479e9fd34860"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9e649471b396fa0139d53919354ce1eace9b9a24"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/af98940dd33c9f9e1beb4f71c0a39260100e2a65"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/da42761181627e9bdc37d18368b827948a583929"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f76729662650cd7bc8f8194e057af381370349a7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.