2025-02-26 19:03:52 +00:00
|
|
|
{
|
|
|
|
|
"id": "CVE-2022-49476",
|
|
|
|
|
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
|
|
|
|
"published": "2025-02-26T07:01:23.800",
|
|
|
|
|
"lastModified": "2025-02-26T07:01:23.800",
|
|
|
|
|
"vulnStatus": "Received",
|
|
|
|
|
"cveTags": [],
|
|
|
|
|
"descriptions": [
|
|
|
|
|
{
|
|
|
|
|
"lang": "en",
|
|
|
|
|
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7921: fix kernel crash at mt7921_pci_remove\n\nThe crash log shown it is possible that mt7921_irq_handler is called while\ndevm_free_irq is being handled so mt76_free_device need to be postponed\nuntil devm_free_irq is completed to solve the crash we free the mt76 device\ntoo early.\n\n[ 9299.339655] BUG: kernel NULL pointer dereference, address: 0000000000000008\n[ 9299.339705] #PF: supervisor read access in kernel mode\n[ 9299.339735] #PF: error_code(0x0000) - not-present page\n[ 9299.339768] PGD 0 P4D 0\n[ 9299.339786] Oops: 0000 [#1] SMP PTI\n[ 9299.339812] CPU: 1 PID: 1624 Comm: prepare-suspend Not tainted 5.15.14-1.fc32.qubes.x86_64 #1\n[ 9299.339863] Hardware name: Xen HVM domU, BIOS 4.14.3 01/20/2022\n[ 9299.339901] RIP: 0010:mt7921_irq_handler+0x1e/0x70 [mt7921e]\n[ 9299.340048] RSP: 0018:ffffa81b80c27cb0 EFLAGS: 00010082\n[ 9299.340081] RAX: 0000000000000000 RBX: ffff98a4cb752020 RCX: ffffffffa96211c5\n[ 9299.340123] RDX: 0000000000000000 RSI: 00000000000d4204 RDI: ffff98a4cb752020\n[ 9299.340165] RBP: ffff98a4c28a62a4 R08: ffff98a4c37a96c0 R09: 0000000080150011\n[ 9299.340207] R10: 0000000040000000 R11: 0000000000000000 R12: ffff98a4c4eaa080\n[ 9299.340249] R13: ffff98a4c28a6360 R14: ffff98a4cb752020 R15: ffff98a4c28a6228\n[ 9299.340297] FS: 00007260840d3740(0000) GS:ffff98a4ef700000(0000) knlGS:0000000000000000\n[ 9299.340345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 9299.340383] CR2: 0000000000000008 CR3: 0000000004c56001 CR4: 0000000000770ee0\n[ 9299.340432] PKRU: 55555554\n[ 9299.340449] Call Trace:\n[ 9299.340467] <TASK>\n[ 9299.340485] __free_irq+0x221/0x350\n[ 9299.340527] free_irq+0x30/0x70\n[ 9299.340553] devm_free_irq+0x55/0x80\n[ 9299.340579] mt7921_pci_remove+0x2f/0x40 [mt7921e]\n[ 9299.340616] pci_device_remove+0x3b/0xa0\n[ 9299.340651] __device_release_driver+0x17a/0x240\n[ 9299.340686] device_driver_detach+0x3c/0xa0\n[ 9299.340714] unbind_store+0x113/0x130\n[ 9299.340740] kernfs_fop_write_iter+0x124/0x1b0\n[ 9299.340775] new_sync_write+0x15c/0x1f0\n[ 9299.340806] vfs_write+0x1d2/0x270\n[ 9299.340831] ksys_write+0x67/0xe0\n[ 9299.340857] do_syscall_64+0x3b/0x90\n[ 9299.340887] entry_SYSCALL_64_after_hwframe+0x44/0xae"
|
2025-03-02 03:03:52 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"lang": "es",
|
|
|
|
|
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mt76: mt7921: se corrige el fallo del kernel en mt7921_pci_remove El registro de fallos muestra que es posible que se llame a mt7921_irq_handler mientras se maneja devm_free_irq, por lo que mt76_free_device debe posponerse hasta que se complete devm_free_irq para resolver el fallo, liberamos el dispositivo mt76 demasiado pronto. [ 9299.339655] ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000008 [ 9299.339705] #PF: acceso de lectura del supervisor en modo n\u00facleo [ 9299.339735] #PF: error_code(0x0000) - not-present page [ 9299.339768] PGD 0 P4D 0 [ 9299.339786] Oops: 0000 [#1] SMP PTI [ 9299.339812] CPU: 1 PID: 1624 Comm: prepare-suspend Not tainted 5.15.14-1.fc32.qubes.x86_64 #1 [ 9299.339863] Hardware name: Xen HVM domU, BIOS 4.14.3 01/20/2022 [ 9299.339901] RIP: 0010:mt7921_irq_handler+0x1e/0x70 [mt7921e] [ 9299.340048] RSP: 0018:ffffa81b80c27cb0 EFLAGS: 00010082 [ 9299.340081] RAX: 0000000000000000 RBX: ffff98a4cb752020 RCX: ffffffffa96211c5 [ 9299.340123] RDX: 0000000000000000 RSI: 00000000000d4204 RDI: ffff98a4cb752020 [ 9299.340165] RBP: ffff98a4c28a62a4 R08: ffff98a4c37a96c0 R09: 0000000080150011 [ 9299.340207] R10: 0000000040000000 R11: 0000000000000000 R12: ffff98a4c4eaa080 [ 9299.340249] R13: ffff98a4c28a6360 R14: ffff98a4cb752020 R15: ffff98a4c28a6228 [ 9299.340297] FS: 00007260840d3740(0000) GS:ffff98a4ef700000(0000) knlGS:0000000000000000 [ 9299.340345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 9299.340383] CR2: 0000000000000008 CR3: 0000000004c56001 CR4: 0000000000770ee0 [ 9299.340432] PKRU: 55555554 [ 9299.340449] Call Trace: [ 9299.340467] [ 9299.340485] __free_irq+0x221/0x350 [ 9299.340527] free_irq+0x30/0x70 [ 9299.340553] devm_free_irq+0x55/0x80 [ 9299.340579] mt7921_pci_remove+0x2f/0x40 [mt7921e] [ 9299.340616] pci_device_remove+0x3b/0xa0 [ 9299.340651] __device_release_driver+0x17a/0x240 [ 9299.340686] device_driver_detach+0x3c/0xa0 [ 9299.340714] unbind_store+0x113/0x130 [ 9299.340740] kernfs_fop_write_iter+0x124/0x1b0 [ 9299.340775] new_sync_write+0x15c/0x1f0 [ 9299.340806] vfs_write+0x1d2/0x270 [ 9299.340831] ksys_write+0x67/0xe0 [ 9299.340857] do_syscall_64+0x3b/0x90 [ 9299.340887] entry_SYSCALL_64_after_hwframe+0x44/0xae "
|
2025-02-26 19:03:52 +00:00
|
|
|
}
|
|
|
|
|
],
|
|
|
|
|
"metrics": {},
|
|
|
|
|
"references": [
|
|
|
|
|
{
|
|
|
|
|
"url": "https://git.kernel.org/stable/c/09693f5b636fb3f6dd56fd943226fc1bbc600b51",
|
|
|
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"url": "https://git.kernel.org/stable/c/677e669973bf5460705bc65033445ea9f6615999",
|
|
|
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"url": "https://git.kernel.org/stable/c/ad483ed9dd5193a54293269c852a29051813b7bd",
|
|
|
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|
