admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-495xx/CVE-2022-49509.json
cad-safe-bot 6a206bf025 Auto-Update: 2025-03-09T03:00:19.873769+00:00
2025-03-09 03:03:50 +00:00

37 lines
6.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-49509",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:01:27.017",
"lastModified": "2025-02-26T07:01:27.017",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: max9286: fix kernel oops when removing module\n\nWhen removing the max9286 module we get a kernel oops:\n\nUnable to handle kernel paging request at virtual address 000000aa00000094\nMem abort info:\n ESR = 0x96000004\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\nData abort info:\n ISV = 0, ISS = 0x00000004\n CM = 0, WnR = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=0000000880d85000\n[000000aa00000094] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 96000004 [#1] PREEMPT SMP\nModules linked in: fsl_jr_uio caam_jr rng_core libdes caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine max9271 authenc crct10dif_ce mxc_jpeg_encdec\nCPU: 2 PID: 713 Comm: rmmod Tainted: G C 5.15.5-00057-gaebcd29c8ed7-dirty #5\nHardware name: Freescale i.MX8QXP MEK (DT)\npstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : i2c_mux_del_adapters+0x24/0xf0\nlr : max9286_remove+0x28/0xd0 [max9286]\nsp : ffff800013a9bbf0\nx29: ffff800013a9bbf0 x28: ffff00080b6da940 x27: 0000000000000000\nx26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\nx23: ffff000801a5b970 x22: ffff0008048b0890 x21: ffff800009297000\nx20: ffff0008048b0f70 x19: 000000aa00000064 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000014 x13: 0000000000000000 x12: ffff000802da49e8\nx11: ffff000802051918 x10: ffff000802da4920 x9 : ffff000800030098\nx8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff6364626d\nx5 : 8080808000000000 x4 : 0000000000000000 x3 : 0000000000000000\nx2 : ffffffffffffffff x1 : ffff00080b6da940 x0 : 0000000000000000\nCall trace:\n i2c_mux_del_adapters+0x24/0xf0\n max9286_remove+0x28/0xd0 [max9286]\n i2c_device_remove+0x40/0x110\n __device_release_driver+0x188/0x234\n driver_detach+0xc4/0x150\n bus_remove_driver+0x60/0xe0\n driver_unregister+0x34/0x64\n i2c_del_driver+0x58/0xa0\n max9286_i2c_driver_exit+0x1c/0x490 [max9286]\n __arm64_sys_delete_module+0x194/0x260\n invoke_syscall+0x48/0x114\n el0_svc_common.constprop.0+0xd4/0xfc\n do_el0_svc+0x2c/0x94\n el0_svc+0x28/0x80\n el0t_64_sync_handler+0xa8/0x130\n el0t_64_sync+0x1a0/0x1a4\n\nThe Oops happens because the I2C client data does not point to\nmax9286_priv anymore but to v4l2_subdev. The change happened in\nmax9286_init() which calls v4l2_i2c_subdev_init() later on...\n\nBesides fixing the max9286_remove() function, remove the call to\ni2c_set_clientdata() in max9286_probe(), to avoid confusion, and make\nthe necessary changes to max9286_init() so that it doesn't have to use\ni2c_get_clientdata() in order to fetch the pointer to priv."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: i2c: max9286: arregla el error del kernel al eliminar el m\u00f3dulo Al eliminar el m\u00f3dulo max9286 obtenemos un error del kernel: No se puede gestionar la solicitud de paginaci\u00f3n del kernel en la direcci\u00f3n virtual 000000aa00000094 Mem abort info: ESR = 0x96000004 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault Data abort info: ISV = 0, ISS = 0x00000004 CM = 0, WnR = 0 user pgtable: 4k pages, 48-bit VAs, pgdp=0000000880d85000 [000000aa00000094] pgd=0000000000000000, p4d=0000000000000000 Internal error: Oops: 96000004 [#1] PREEMPT SMP Modules linked in: fsl_jr_uio caam_jr rng_core libdes caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine max9271 authenc crct10dif_ce mxc_jpeg_encdec CPU: 2 PID: 713 Comm: rmmod Tainted: G C 5.15.5-00057-gaebcd29c8ed7-dirty #5 Hardware name: Freescale i.MX8QXP MEK (DT) pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : i2c_mux_del_adapters+0x24/0xf0 lr : max9286_remove+0x28/0xd0 [max9286] sp : ffff800013a9bbf0 x29: ffff800013a9bbf0 x28: ffff00080b6da940 x27: 0000000000000000 x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000 x23: ffff000801a5b970 x22: ffff0008048b0890 x21: ffff800009297000 x20: ffff0008048b0f70 x19: 000000aa00000064 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000014 x13: 0000000000000000 x12: ffff000802da49e8 x11: ffff000802051918 x10: ffff000802da4920 x9 : ffff000800030098 x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff6364626d x5 : 8080808000000000 x4 : 0000000000000000 x3 : 0000000000000000 x2 : ffffffffffffffff x1 : ffff00080b6da940 x0 : 0000000000000000 Call trace: i2c_mux_del_adapters+0x24/0xf0 max9286_remove+0x28/0xd0 [max9286] i2c_device_remove+0x40/0x110 __device_release_driver+0x188/0x234 driver_detach+0xc4/0x150 bus_remove_driver+0x60/0xe0 driver_unregister+0x34/0x64 i2c_del_driver+0x58/0xa0 max9286_i2c_driver_exit+0x1c/0x490 [max9286] __arm64_sys_delete_module+0x194/0x260 invoke_syscall+0x48/0x114 el0_svc_common.constprop.0+0xd4/0xfc do_el0_svc+0x2c/0x94 el0_svc+0x28/0x80 el0t_64_sync_handler+0xa8/0x130 el0t_64_sync+0x1a0/0x1a4 The Oops happens because the I2C client data does not point to max9286_priv anymore but to v4l2_subdev. El cambio ocurri\u00f3 en max9286_init() que llama a v4l2_i2c_subdev_init() m\u00e1s adelante... Adem\u00e1s de arreglar la funci\u00f3n max9286_remove(), elimine la llamada a i2c_set_clientdata() en max9286_probe(), para evitar confusiones, y haga los cambios necesarios en max9286_init() para que no tenga que usar i2c_get_clientdata() para obtener el puntero a priv."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/365ab7ebc24eebb42b9e020aeb440d51af8960cd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/579c77595dbbdfe4f2edf335899f86ac51eca4e9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9dd783274c89c21a038d967b52a858a297e767f8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a4ec75df70575cdf33d9638c7844e729bfe6ce24",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
Reference in New Issue View Git Blame Copy Permalink