5.5

CVE-2022-49731

ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()

In the Linux kernel, the following vulnerability has been resolved:

ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()

In an unlikely (and probably wrong?) case that the 'ppi' parameter of
ata_host_alloc_pinfo() points to an array starting with a NULL pointer,
there's going to be a kernel oops as the 'pi' local variable won't get
reassigned from the initial value of NULL. Initialize 'pi' instead to
'&ata_dummy_port_info' to fix the possible kernel oops for good...

Found by Linux Verification Center (linuxtesting.org) with the SVACE static
analysis tool.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 4.9.320
LinuxLinux Kernel Version >= 4.10 < 4.14.285
LinuxLinux Kernel Version >= 4.15 < 4.19.249
LinuxLinux Kernel Version >= 4.20 < 5.4.200
LinuxLinux Kernel Version >= 5.5 < 5.10.124
LinuxLinux Kernel Version >= 5.11 < 5.15.49
LinuxLinux Kernel Version >= 5.16 < 5.18.6
LinuxLinux Kernel Version5.19 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.193
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/07cbdb4807d369fbda73062a91b570c4dc5ec429
Patch
https://git.kernel.org/stable/c/1ac5efee33f29e704226506d429b84575a5d66f8
Patch
https://git.kernel.org/stable/c/253334f84c81bc6a43af489f108c0bddad989eef
Patch
https://git.kernel.org/stable/c/36cd19e7d4e5571d77a2ed20c5b6ef50cf57734a
Patch
https://git.kernel.org/stable/c/a810bd5af06977a847d1f202b22d7defd5c62497
Patch
https://git.kernel.org/stable/c/bf476fe22aa1851bab4728e0c49025a6a0bea307
Patch
https://git.kernel.org/stable/c/ca4693e6e06e4fd2b240c0fec47aa2498c94848e
Patch
https://git.kernel.org/stable/c/ff128fbea720bf763fa345680dda5f050bc24a47
Patch