CVE-2022-49974

Summary

In the Linux kernel, the following vulnerability has been resolved:

HID: nintendo: fix rumble worker null pointer deref

We can dereference a null pointer trying to queue work to a destroyed workqueue.

If the device is disconnected, nintendo_hid_remove is called, in which the rumble_queue is destroyed. Avoid using that queue to defer rumble work once the controller state is set to JOYCON_CTLR_STATE_REMOVED.

This eliminates the null pointer dereference.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux2af16c1f846bd60240745bbd3afa13d5f040c61a < 7c6e6c334154be16740b44dcd7638fb510b9bd91affected
LinuxLinux2af16c1f846bd60240745bbd3afa13d5f040c61a < 1ff89e06c2e5fab30274e4b02360d4241d6e605eaffected
LinuxLinux5.16affected
LinuxLinux0 < 5.16unaffected
LinuxLinux5.19.7 <= 5.19.*unaffected
LinuxLinux6.0 <= *unaffected

Weaknesses

References