CVE-2022-49806

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A potential null pointer dereference issue has been identified in the Linux kernel, specifically in the sparx stats init() and sparx5 start() functions. The sparx stats init() function calls create singlethread workqueue() without checking the return value, which may be NULL, leading to a null pointer dereference. This occurs when queue delayed work() is called, followed by queue delayed work on() and queue delayed work(), ultimately accessing wq->flags and causing a null pointer dereference. The issue is resolved by checking the return value and returning -ENOMEM if it is NULL.

Recommendations For the Linux kernel, check the return value of create singlethread workqueue() in sparx stats init() and sparx5 start() and return -ENOMEM if it is NULL to prevent null pointer dereferences. At the moment, there is no information about a newer version that contains a fix for this vulnerability.