CVE-2022-49029
Vulnerability Summary
Timeline
Description
In the Linux kernel, the following vulnerability has been resolved: hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails Smatch report warning as follows: drivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn: '&data->list' not removed from list If ibmpex_find_sensors() fails in ibmpex_register_bmc(), data will be freed, but data->list will not be removed from driver_data.bmc_data, then list traversal may cause UAF. Fix by removeing it from driver_data.bmc_data before free().
CVSS Metrics
- v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Trends
Current EPSS score: 0.01%• Percentile: 3%
Techniques & Countermeasures
- CWE-416•Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Affected Systems
- linux•linux
≥ 57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab, < f2a13196ad41c6c2ab058279dffe6c97292e753a | ≥ 57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab, < 798198273bf86673b970b51acdb35e57f42b3fcb | ≥ 57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab, < 24b9633f7db7f4809be7053df1d2e117e7c2de10 | ≥ 57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab, < 7b2b67fe1339389e0bf3c37c7a677a004ac0e4e3 | ≥ 57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab, < 90907cd4d11351ff76c9a447bcb5db0e264c47cd | ≥ 57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab, < 45f6e81863747c0d7bc6a95ec51129900e71467a | ≥ 57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab, < e65cfd1f9cd27d9c27ee5cb88128a9f79f25d863 | ≥ 57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab, < e2a87785aab0dac190ac89be6a9ba955e2c634f2 | 2.6.24
- linux•linux_kernel
≥ 2.6.24, < 4.9.335 | ≥ 4.10, < 4.14.301 | ≥ 4.15, < 4.19.268 | ≥ 4.20, < 5.4.226 | ≥ 5.5, < 5.10.158 | ≥ 5.11, < 5.15.82 | ≥ 5.16, < 6.0.12 | 6.1:rc1 | 6.1:rc2 | 6.1:rc3 | 6.1:rc4 | 6.1:rc5 | 6.1:rc6 | 6.1:rc7
References (8)
- https://git.kernel.org/stable/c/f2a13196ad41c6c2ab058279dffe6c97292e753a
- https://git.kernel.org/stable/c/798198273bf86673b970b51acdb35e57f42b3fcb
- https://git.kernel.org/stable/c/24b9633f7db7f4809be7053df1d2e117e7c2de10
- https://git.kernel.org/stable/c/7b2b67fe1339389e0bf3c37c7a677a004ac0e4e3
- https://git.kernel.org/stable/c/90907cd4d11351ff76c9a447bcb5db0e264c47cd
- https://git.kernel.org/stable/c/45f6e81863747c0d7bc6a95ec51129900e71467a
- https://git.kernel.org/stable/c/e65cfd1f9cd27d9c27ee5cb88128a9f79f25d863
- https://git.kernel.org/stable/c/e2a87785aab0dac190ac89be6a9ba955e2c634f2