CVE-2022-49187

Summary

In the Linux kernel, the following vulnerability has been resolved:

clk: Fix clk_hw_get_clk() when dev is NULL

Any registered clk_core structure can have a NULL pointer in its dev field. While never actually documented, this is evidenced by the wide usage of clk_register and clk_hw_register with a NULL device pointer, and the fact that the core of_clk_hw_register() function also passes a NULL device pointer.

A call to clk_hw_get_clk() on a clk_hw struct whose clk_core is in that case will result in a NULL pointer derefence when it calls dev_name() on that NULL device pointer.

Add a test for this case and use NULL as the dev_id if the device pointer is NULL.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux30d6f8c15d2cd877c1f3d47d8a1064649ebe58e2 < 4be3e4c05d8dd1b83b75652cad88c9e752ec7054affected
LinuxLinux30d6f8c15d2cd877c1f3d47d8a1064649ebe58e2 < d183f20cf5a7b546d4108e796b98210ceb317579affected
LinuxLinux30d6f8c15d2cd877c1f3d47d8a1064649ebe58e2 < 23f89fe005b105f0dcc55034c13eb89f9b570facaffected
LinuxLinux30d6f8c15d2cd877c1f3d47d8a1064649ebe58e2 < 0c1b56df451716ba207bbf59f303473643eee4fdaffected
LinuxLinux5.11affected
LinuxLinux0 < 5.11unaffected
LinuxLinux5.15.33 <= 5.15.*unaffected
LinuxLinux5.16.19 <= 5.16.*unaffected
LinuxLinux5.17.2 <= 5.17.*unaffected
LinuxLinux5.18 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References