PT-2025-18541 · Linux+2 · Linux Kernel+2

Published: 2025-05-01 · Updated: 2025-11-10

CVE-2022-49824

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.1.0-rc3+

Description

A vulnerability in the Linux kernel has been resolved, specifically in the libata-transport module. The issue arises from the lack of error handling in the ata_tlink_add() function, where the return value of transport_add_device() is not checked. This results in a null pointer dereference when removing the module, as transport_remove_device() is called to remove a device that was not added. The error occurs at virtual address 00000000000000d0 and is related to the device_del() function.

Recommendations

To resolve this issue, check and handle the return value of transport_add_device() in ata_tlink_add(). This can be achieved by verifying the return value and taking appropriate actions to prevent the null pointer dereference. As a temporary workaround, consider disabling the ata_tlink_add() function until a patch is available. However, the most effective solution is to update to a version of the Linux kernel that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability, but it is recommended to keep the kernel up to date to ensure the latest security patches are applied.
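The unchecked-return pattern described above and its corrected form, as an added user-space model (not the kernel's code and not taken from this advisory). Every name in it is hypothetical, and -EFAULT stands in for the point where the kernel would dereference a NULL pointer.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* User-space model only: all names are hypothetical, none is a kernel API. */
struct model_dev  { void *priv; };          /* state the remove path relies on */
struct model_link { struct model_dev dev; bool added; };
static bool fail_next_add;                  /* fault injection switch */
static int  backing_obj;

static int model_transport_add(struct model_dev *d) {
    if (fail_next_add) { fail_next_add = false; return -ENOMEM; }
    d->priv = &backing_obj;
    return 0;
}
/* Returns -EFAULT where the kernel would dereference a NULL pointer. */
static int model_transport_remove(struct model_dev *d) {
    if (!d->priv) return -EFAULT;
    d->priv = NULL;
    return 0;
}
/* Before: the add result is discarded and the link is recorded as added. */
static int link_add_unchecked(struct model_link *l) {
    (void)model_transport_add(&l->dev);
    l->added = true;
    return 0;
}
/* After: the error is returned and the link is never marked as added. */
static int link_add_checked(struct model_link *l) {
    int err = model_transport_add(&l->dev);
    if (err) return err;
    l->added = true;
    return 0;
}
/* Teardown, as on module removal: only links recorded as added are removed. */
static int link_delete(struct model_link *l) {
    return l->added ? model_transport_remove(&l->dev) : 0;
}
/* Add (optionally with an injected failure), tear down, return teardown result. */
static int run_case(int (*add)(struct model_link *), bool inject) {
    struct model_link l;
    memset(&l, 0, sizeof l);
    fail_next_add = inject;
    (void)add(&l);
    return link_delete(&l);
}
int main(void) {
    printf("unchecked: %d\n", run_case(link_add_unchecked, true));
    printf("checked:   %d\n", run_case(link_add_checked, true));
    return 0;
}
```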

Exploit

Fix

NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

BDU:2026-05812
CVE-2022-49824
SUSE-SU-2025:01918-1
SUSE-SU-2025:01966-1
SUSE-SU-2025:01982-1
SUSE-SU-2025:01995-1
SUSE-SU-2025:02173-1
SUSE-SU-2025:02262-1
SUSE-SU-2025:2173-1
SUSE-SU-2025_01982-1
SUSE-SU-2025_02173-1
SUSE-SU-2025_02262-1

Affected Products

Astra Linux
Linux Kernel
Suse