CVE-2022-50481

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s cxl subsystem where a null pointer dereference could occur in the cxl guest init afu or cxl guest init adapter functions. This happens if device register() fails during the registration of a Coherent Accelerator Processor (CXL) adapter or Accelerated Processing Unit (AFU). Specifically, if the device is not added due to the failure of device register(), device unregister() might be called in the error path, leading to a null pointer dereference because the device was never added. The issue arises from the lack of releasing the device reference in the error path of device register(). The fix involves splitting device unregister() into device del() and put device(), ensuring the reference is released when registration fails.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.