PT-2025-8310 · Linux+4 · Linux Kernel+4

Dongliang Mu · Published 2023-05-09 · Updated 2025-09-29 · CVE-2022-49376

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A potential NULL pointer dereference issue has been identified in the Linux kernel. The problem occurs when the sd_probe() function encounters an early error before sdkp->device is initialized, leading to the sd_zbc_release_disk() function being called. This results in a NULL pointer dereference when sd_is_zoned() is called within that function. The issue is resolved by removing the call to sd_zbc_release_disk() in the sd_probe() error path. This change does not cause zone information memory leakage because the zone information for a zoned disk is allocated only when sd_revalidate_disk() is called.
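
The error path described above, as an added user-space model that is not the kernel's code or part of the original advisory. The `model_*` functions and the reduced `zoned` and `zone_info` fields are assumptions for illustration, and the model counts the point where the kernel would dereference NULL instead of crashing there.

```c
#include <stdio.h>
#include <stdlib.h>

/* Reduced stand-ins for the kernel structures (assumed fields, not the real layout). */
struct scsi_device { int zoned; };
struct scsi_disk {
    struct scsi_device *device; /* still NULL when sd_probe() fails early */
    void *zone_info;            /* allocated only by sd_revalidate_disk() */
};

static int faults; /* number of places where the kernel would have oopsed */

/* Model of sd_is_zoned(): it reads through sdkp->device. */
static int model_sd_is_zoned(const struct scsi_disk *sdkp)
{
    if (sdkp->device == NULL) { /* the kernel dereferences NULL at this point */
        faults++;
        return 0;
    }
    return sdkp->device->zoned;
}

/* Model of sd_zbc_release_disk(): frees the zone information of a zoned disk. */
static void model_sd_zbc_release_disk(struct scsi_disk *sdkp)
{
    if (model_sd_is_zoned(sdkp)) {
        free(sdkp->zone_info);
        sdkp->zone_info = NULL;
    }
}

/* Model of sd_probe() failing before sdkp->device is set.
 * Returns the number of would-be NULL dereferences, or -2 if zone info leaked. */
static int model_sd_probe_early_error(int patched)
{
    struct scsi_disk *sdkp = calloc(1, sizeof(*sdkp));
    if (sdkp == NULL) return -1;
    faults = 0;
    if (!patched)                           /* unpatched error path */
        model_sd_zbc_release_disk(sdkp);
    int leaked = (sdkp->zone_info != NULL); /* never allocated: nothing to leak */
    free(sdkp);
    return leaked ? -2 : faults;
}
int main(void)
{
    printf("unpatched: %d, patched: %d\n",
           model_sd_probe_early_error(0), model_sd_probe_early_error(1));
    return 0;
}
```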

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
CESA-2023_2951
CVE-2022-49376
OPENSUSE-SU-2025_1263-1
RHSA-2023:2458
RHSA-2023:2951
RHSA-2023_2458
RHSA-2023_2951
SUSE-SU-2025:1027-1
SUSE-SU-2025:1176-1
SUSE-SU-2025:1183-1
SUSE-SU-2025:1194-1
SUSE-SU-2025:1241-1
SUSE-SU-2025:1263-1
SUSE-SU-2025_1027-1
SUSE-SU-2025_1241-1
SUSE-SU-2025_1263-1

Affected Products

Astra Linux
CentOS
Linux Kernel
Red Hat
SUSE