PT-2025-18543 · Linux+2 · Linux Kernel+2

Published: 2022-11-11 · Updated: 2025-11-10 · CVE-2022-49826

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A vulnerability in the Linux kernel has been resolved. It was caused by a double call to ata_host_put() in the ata_tport_add() function, which led to a null pointer dereference and a kernel crash when unbinding a device after a failure. The extra call decreased the reference count of ap->host to 0, so all ports were freed and set to null. When ata_host_stop() was then called to release resources, it dereferenced a null pointer.

Recommendations

To resolve this issue, remove the redundant ata_host_put() call in the error path of ata_tport_add(). This fix prevents the null pointer dereference and the subsequent kernel crash.

Note: Since the affected versions are not explicitly specified, it is recommended to update to the latest Linux kernel version to ensure the fix is applied. The exact version containing the fix is not stated.
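
The reference-count imbalance described above can be reproduced in a small userspace model. This is an added example, not kernel code or code from the advisory: `struct host`, `host_put()`, `tport_add_fails()` and `simulate()` are hypothetical names, and the model assumes the first put in the error path comes from releasing the transport device.

```c
#include <stdio.h>
#include <stdlib.h>

#define N_PORTS 2
/* Constructed userspace stand-in for the host object; not kernel code. */
struct host { int refs; int *ports[N_PORTS]; };

/* Drop one reference; the last put frees every port and NULLs its slot. */
static void host_put(struct host *h)
{
    if (--h->refs > 0)
        return;
    for (int i = 0; i < N_PORTS; i++) {
        free(h->ports[i]);
        h->ports[i] = NULL;
    }
}

/* Model of a failing ata_tport_add() unwinding its error path (assumed flow). */
static void tport_add_fails(struct host *h, int redundant_put)
{
    h->refs++;           /* reference held for the transport device */
    host_put(h);         /* releasing the device drops that reference */
    if (redundant_put)
        host_put(h);     /* the extra put that the fix removes */
}

/* Run the failing add against a host the driver still owns, then count the
 * NULL ports that the unbind path (ata_host_stop() in the kernel) would hit. */
int simulate(int redundant_put)
{
    struct host h = { .refs = 1 };   /* the driver's own reference */
    int gone = 0;
    for (int i = 0; i < N_PORTS; i++)
        h.ports[i] = calloc(1, sizeof(int));
    tport_add_fails(&h, redundant_put);
    for (int i = 0; i < N_PORTS; i++)
        gone += (h.ports[i] == NULL);
    if (h.refs > 0)
        host_put(&h);                /* balanced final put by the owner */
    return gone;
}

int main(void)
{
    printf("NULL ports, pre-fix: %d, fixed: %d\n", simulate(1), simulate(0));
    return 0;
}
```

The model keeps the host structure itself alive so that it stays memory-safe; only the ports are freed and set to NULL, matching the state the description attributes to the crash.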

Exploit

Fix

NULL Pointer Dereference

Double Free

Weakness Enumeration

Related Identifiers

BDU:2026-03909
CVE-2022-49826
OESA-2025-1513
SUSE-SU-2025:01918-1
SUSE-SU-2025:01966-1
SUSE-SU-2025:01982-1
SUSE-SU-2025:01983-1
SUSE-SU-2025:01995-1
SUSE-SU-2025:02173-1
SUSE-SU-2025:02262-1
SUSE-SU-2025:2173-1
SUSE-SU-2025_01982-1
SUSE-SU-2025_01983-1
SUSE-SU-2025_02173-1
SUSE-SU-2025_02262-1

Affected Products

Astra Linux
Linux Kernel
Suse