CVE-2022-49187
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: Fix clk_hw_get_clk() when dev is NULL
Any registered clk_core structure can have a NULL pointer in its dev field. While never actually documented, this is evidenced by the wide usage of clk_register and clk_hw_register with a NULL device pointer, and the fact that the core of_clk_hw_register() function also passes a NULL device pointer.
A call to clk_hw_get_clk() on a clk_hw struct whose clk_core is in that case will result in a NULL pointer derefence when it calls dev_name() on that NULL device pointer.
Add a test for this case and use NULL as the dev_id if the device pointer is NULL.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 30d6f8c15d2cd877c1f3d47d8a1064649ebe58e2 < 4be3e4c05d8dd1b83b75652cad88c9e752ec7054 | affected |
| Linux | Linux | 30d6f8c15d2cd877c1f3d47d8a1064649ebe58e2 < d183f20cf5a7b546d4108e796b98210ceb317579 | affected |
| Linux | Linux | 30d6f8c15d2cd877c1f3d47d8a1064649ebe58e2 < 23f89fe005b105f0dcc55034c13eb89f9b570fac | affected |
| Linux | Linux | 30d6f8c15d2cd877c1f3d47d8a1064649ebe58e2 < 0c1b56df451716ba207bbf59f303473643eee4fd | affected |
| Linux | Linux | 5.11 | affected |
| Linux | Linux | 0 < 5.11 | unaffected |
| Linux | Linux | 5.15.33 <= 5.15.* | unaffected |
| Linux | Linux | 5.16.19 <= 5.16.* | unaffected |
| Linux | Linux | 5.17.2 <= 5.17.* | unaffected |
| Linux | Linux | 5.18 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/4be3e4c05d8dd1b83b75652cad88c9e752ec7054
- https://git.kernel.org/stable/c/d183f20cf5a7b546d4108e796b98210ceb317579
- https://git.kernel.org/stable/c/23f89fe005b105f0dcc55034c13eb89f9b570fac
- https://git.kernel.org/stable/c/0c1b56df451716ba207bbf59f303473643eee4fd
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.