CVE-2022-49492
Feb. 26, 2025, 7:01 a.m.
None
No Score
Description
In the Linux kernel, the following vulnerability has been resolved:
nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
In nvme_alloc_admin_tags, the admin_q can be set to an error (typically
-ENOMEM) if the blk_mq_init_queue call fails to set up the queue, which
is checked immediately after the call. However, when we return the error
message up the stack, to nvme_reset_work the error takes us to
nvme_remove_dead_ctrl()
nvme_dev_disable()
nvme_suspend_queue(&dev->queues[0]).
Here, we only check that the admin_q is non-NULL, rather than not
an error or NULL, and begin quiescing a queue that never existed, leading
to bad / NULL pointer dereference.
Product(s) Impacted
| Product | Versions |
|---|---|
| Linux Kernel |
|
Weaknesses
Common security weaknesses mapped to this vulnerability.
References
Tags
Timeline
Published: Feb. 26, 2025, 7:01 a.m.
Last Modified: Feb. 26, 2025, 7:01 a.m.
Last Modified: Feb. 26, 2025, 7:01 a.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
416baaa9-dc9f-4396-8d5f-8c081fb06d67
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.