CVE-2022-49832

Summary

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map

Here is the BUG report by KASAN about null pointer dereference:

BUG: KASAN: null-ptr-deref in strcmp+0x2e/0x50 Read of size 1 at addr 0000000000000000 by task python3/2640 Call Trace: strcmp __of_find_property of_find_property pinctrl_dt_to_map

kasprintf() would return NULL pointer when kmalloc() fail to allocate. So directly return ENOMEM, if kasprintf() return NULL pointer.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux57291ce295c0aca738dd284c4a9c591c09ebee71 < aaf552c5d53abe4659176e099575fe870d2e4768affected
LinuxLinux57291ce295c0aca738dd284c4a9c591c09ebee71 < b4d9f55cd38435358bc16d580612bc0d798d7b4caffected
LinuxLinux57291ce295c0aca738dd284c4a9c591c09ebee71 < a988dcd3dd9e691c5ccc3324b209688f3b5453e9affected
LinuxLinux57291ce295c0aca738dd284c4a9c591c09ebee71 < 040f726fecd88121f3b95e70369785ad452dddf9affected
LinuxLinux57291ce295c0aca738dd284c4a9c591c09ebee71 < 777430aa4ddccaa5accec6db90ffc1d47f00d471affected
LinuxLinux57291ce295c0aca738dd284c4a9c591c09ebee71 < 97e5b508e96176f1a73888ed89df396d7041bfcbaffected
LinuxLinux57291ce295c0aca738dd284c4a9c591c09ebee71 < 5834a3a98cd266ad35a229923c0adbd0addc8d68affected
LinuxLinux57291ce295c0aca738dd284c4a9c591c09ebee71 < 91d5c5060ee24fe8da88cd585bb43b843d2f0dceaffected
LinuxLinux3.5affected
LinuxLinux0 < 3.5unaffected
LinuxLinux4.9.334 <= 4.9.*unaffected
LinuxLinux4.14.300 <= 4.14.*unaffected
LinuxLinux4.19.267 <= 4.19.*unaffected
LinuxLinux5.4.225 <= 5.4.*unaffected
LinuxLinux5.10.156 <= 5.10.*unaffected
LinuxLinux5.15.80 <= 5.15.*unaffected
LinuxLinux6.0.10 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

References