5.5

CVE-2022-49010

hwmon: (coretemp) Check for null before removing sysfs attrs

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (coretemp) Check for null before removing sysfs attrs

If coretemp_add_core() gets an error then pdata->core_data[indx]
is already NULL and has been kfreed. Don't pass that to
sysfs_remove_group() as that will crash in sysfs_remove_group().

[Shortened for readability]
[91854.020159] sysfs: cannot create duplicate filename '/devices/platform/coretemp.0/hwmon/hwmon2/temp20_label'
<cpu offline>
[91855.126115] BUG: kernel NULL pointer dereference, address: 0000000000000188
[91855.165103] #PF: supervisor read access in kernel mode
[91855.194506] #PF: error_code(0x0000) - not-present page
[91855.224445] PGD 0 P4D 0
[91855.238508] Oops: 0000 [#1] PREEMPT SMP PTI
...
[91855.342716] RIP: 0010:sysfs_remove_group+0xc/0x80
...
[91855.796571] Call Trace:
[91855.810524]  coretemp_cpu_offline+0x12b/0x1dd [coretemp]
[91855.841738]  ? coretemp_cpu_online+0x180/0x180 [coretemp]
[91855.871107]  cpuhp_invoke_callback+0x105/0x4b0
[91855.893432]  cpuhp_thread_fun+0x8e/0x150
...

Fix this by checking for NULL first.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.0 < 4.9.335
LinuxLinux Kernel Version >= 4.10 < 4.14.301
LinuxLinux Kernel Version >= 4.15 < 4.19.268
LinuxLinux Kernel Version >= 4.20 < 5.4.226
LinuxLinux Kernel Version >= 5.5 < 5.10.158
LinuxLinux Kernel Version >= 5.11 < 5.15.82
LinuxLinux Kernel Version >= 5.16 < 6.0.12
LinuxLinux Kernel Version6.1 Updaterc1
LinuxLinux Kernel Version6.1 Updaterc2
LinuxLinux Kernel Version6.1 Updaterc3
LinuxLinux Kernel Version6.1 Updaterc4
LinuxLinux Kernel Version6.1 Updaterc5
LinuxLinux Kernel Version6.1 Updaterc6
LinuxLinux Kernel Version6.1 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.142
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/070d5ea4a0592a37ad96ce7f7b6b024f90bb009f
Patch
https://git.kernel.org/stable/c/280110db1a7d62ad635b103bafc3ae96e8bef75c
Patch
https://git.kernel.org/stable/c/7692700ac818866d138a8de555130a6e70e6ac16
Patch
https://git.kernel.org/stable/c/89eecabe6a47403237f45aafd7d24f93cb973653
Patch
https://git.kernel.org/stable/c/a89ff5f5cc64b9fe7a992cf56988fd36f56ca82a
Patch
https://git.kernel.org/stable/c/ae6c8b6e5d5628df1c475c0a8fca1465e205c95b
Patch
https://git.kernel.org/stable/c/f06e0cd01eab954bd5f2190c9faa79bb5357e05b
Patch
https://git.kernel.org/stable/c/fb503d077ff7b43913503eaf72995d1239028b99
Patch