5.5

CVE-2022-50415

parisc: led: Fix potential null-ptr-deref in start_task()

In the Linux kernel, the following vulnerability has been resolved:

parisc: led: Fix potential null-ptr-deref in start_task()

start_task() calls create_singlethread_workqueue() and not checked the
ret value, which may return NULL. And a null-ptr-deref may happen:

start_task()
    create_singlethread_workqueue() # failed, led_wq is NULL
    queue_delayed_work()
        queue_delayed_work_on()
            __queue_delayed_work()  # warning here, but continue
                __queue_work()      # access wq->flags, null-ptr-deref

Check the ret value and return -ENOMEM if it is NULL.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.15 < 4.9.337
LinuxLinux Kernel Version >= 4.10 < 4.14.303
LinuxLinux Kernel Version >= 4.15 < 4.19.270
LinuxLinux Kernel Version >= 4.20 < 5.4.229
LinuxLinux Kernel Version >= 5.5 < 5.10.163
LinuxLinux Kernel Version >= 5.11 < 5.15.87
LinuxLinux Kernel Version >= 5.16 < 6.0.18
LinuxLinux Kernel Version >= 6.1 < 6.1.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.047
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/3505c187b86136250b39e62c72a3a70435277af6
Patch
https://git.kernel.org/stable/c/41f563ab3c33698bdfc3403c7c2e6c94e73681e4
Patch
https://git.kernel.org/stable/c/5e4500454d75dd249be4695d83afa3ba0724c37e
Patch
https://git.kernel.org/stable/c/67c98fec87ed76b1feb2ae810051afd88dfa9df6
Patch
https://git.kernel.org/stable/c/77f8b628affaec692d83ad8bfa3520db8a0cc493
Patch
https://git.kernel.org/stable/c/ac838c663ba1fd6bff35a817fd89a47ab55e88e0
Patch
https://git.kernel.org/stable/c/c6db0c32f39684c89c97bc1ba1c9c4249ca09e48
Patch
https://git.kernel.org/stable/c/fc307b2905a3dd75c50a53b4d87ac9c912fb7c4e
Patch
https://git.kernel.org/stable/c/fc6d0f65f22040c6cc8a5ce032bf90252629de50
Patch