CVE-2022-49974
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
HID: nintendo: fix rumble worker null pointer deref
We can dereference a null pointer trying to queue work to a destroyed workqueue.
If the device is disconnected, nintendo_hid_remove is called, in which the rumble_queue is destroyed. Avoid using that queue to defer rumble work once the controller state is set to JOYCON_CTLR_STATE_REMOVED.
This eliminates the null pointer dereference.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 2af16c1f846bd60240745bbd3afa13d5f040c61a < 7c6e6c334154be16740b44dcd7638fb510b9bd91 | affected |
| Linux | Linux | 2af16c1f846bd60240745bbd3afa13d5f040c61a < 1ff89e06c2e5fab30274e4b02360d4241d6e605e | affected |
| Linux | Linux | 5.16 | affected |
| Linux | Linux | 0 < 5.16 | unaffected |
| Linux | Linux | 5.19.7 <= 5.19.* | unaffected |
| Linux | Linux | 6.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/7c6e6c334154be16740b44dcd7638fb510b9bd91
- https://git.kernel.org/stable/c/1ff89e06c2e5fab30274e4b02360d4241d6e605e
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.