PT-2025-18617 · Linux+2 · Linux Kernel+2

Published: 2022-11-01 · Updated: 2025-07-10 · CVE-2022-49900

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A vulnerability in the Linux kernel has been resolved. The issue is in the piix4 driver: the adapter is not properly removed when the piix4 module is removed. The piix4_adapter_count variable is not set correctly for single adapters, so the adapter is not removed and its resources are leaked. These leaked resources can still be accessed by the i2c bus, leading to problems. An easily reproducible case is registering a new adapter after removing the piix4 module: the i2c bus accesses the leaked adapter and attempts to call the already freed smbus algorithm function.

Recommendations

To fix this problem, correctly set piix4_adapter_count to 1 for the single adapter so it can be removed normally. As a temporary workaround, consider disabling the piix4_probe() function until a patch is available. Restrict access to the vulnerable piix4 module to minimize the risk of exploitation. Avoid using the i2c_add_adapter() function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
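
A simplified user-space model of the adapter-count bookkeeping described above, added here as an illustration; it is not the kernel driver's code, and every name in it (model_probe, model_remove, on_bus, adapter_count, leaked_after_cycle) is hypothetical. It assumes the count stays at zero when the single-adapter path does not set it.

```c
/* User-space model only; all names are hypothetical, not the piix4 driver's. */
#include <stdio.h>
#include <string.h>
#define MAX_ADAPTERS 4

static int on_bus[MAX_ADAPTERS]; /* 1 = adapter still registered with the bus */
static int adapter_count;        /* models the driver's adapter count */

/* Probe: the multi-adapter path records the count; the single-adapter path
 * records it only when 'fixed' is set (assumed to stay 0 otherwise). */
static void model_probe(int n, int fixed)
{
    int i = 0;
    adapter_count = 0;
    if (n > 1) {
        for (; i < n && i < MAX_ADAPTERS; i++)
            on_bus[i] = 1;
        adapter_count = i;
    } else {
        on_bus[0] = 1;
        if (fixed)
            adapter_count = 1; /* the recommended fix */
    }
}

/* Remove: unregisters only as many adapters as the count claims. */
static void model_remove(void)
{
    while (adapter_count > 0)
        on_bus[--adapter_count] = 0;
}

/* One load/unload cycle; returns adapters the bus still holds afterwards. */
static int leaked_after_cycle(int n, int fixed)
{
    int leaked = 0;
    memset(on_bus, 0, sizeof(on_bus));
    model_probe(n, fixed);
    model_remove();
    for (int i = 0; i < MAX_ADAPTERS; i++)
        leaked += on_bus[i];
    return leaked;
}

int main(void)
{
    printf("single, unfixed: %d leaked\n", leaked_after_cycle(1, 0));
    printf("single, fixed:   %d leaked\n", leaked_after_cycle(1, 1));
    printf("multi (3):       %d leaked\n", leaked_after_cycle(3, 0));
    return 0;
}
```

In the unfixed single-adapter case the remove loop never runs, so one adapter stays on the bus after the module is gone; that leftover entry is what a later registration ends up touching.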

Exploit

Buffer Overflow

Double Free

Weakness Enumeration

Related Identifiers

BDU:2026-03730
CVE-2022-49900
SUSE-SU-2025:01918-1
SUSE-SU-2025:01966-1
SUSE-SU-2025:02173-1
SUSE-SU-2025:02262-1
SUSE-SU-2025:2173-1
SUSE-SU-2025_02173-1
SUSE-SU-2025_02262-1

Affected Products

Astra Linux
Linux Kernel
Suse