CVE-2022-49308

Published: Feb 26, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: extcon: Modify extcon device to be created after driver data is set Currently, someone can invoke the sysfs such as state_show() intermittently before dev_set_drvdata() is done. And it can be a cause of kernel Oops because of edev is Null at that time. So modified the driver registration to after setting drviver data. - Oops's backtrace. Backtrace: [<c067865c>] (state_show) from [<c05222e8>] (dev_attr_show) [<c05222c0>] (dev_attr_show) from [<c02c66e0>] (sysfs_kf_seq_show) [<c02c6648>] (sysfs_kf_seq_show) from [<c02c496c>] (kernfs_seq_show) [<c02c4938>] (kernfs_seq_show) from [<c025e2a0>] (seq_read) [<c025e11c>] (seq_read) from [<c02c50a0>] (kernfs_fop_read) [<c02c5064>] (kernfs_fop_read) from [<c0231cac>] (__vfs_read) [<c0231c5c>] (__vfs_read) from [<c0231ee0>] (vfs_read) [<c0231e34>] (vfs_read) from [<c0232464>] (ksys_read) [<c02323f0>] (ksys_read) from [<c02324fc>] (sys_read) [<c02324e4>] (sys_read) from [<c00091d0>] (__sys_trace_return)

Vendor	Product	Versions
Linux	Linux	affected `de55d8716ac50a356cea736c29bb7db5ac3d0190 - < 6e721f3ad0535b24f19a62420f4da95212cf069c` affected `de55d8716ac50a356cea736c29bb7db5ac3d0190 - < cb81ea998c461868d1168411a867d8ffee12f23f` affected `de55d8716ac50a356cea736c29bb7db5ac3d0190 - < d472c78cc82999d07bd09193a6718016ce9cd386` affected `de55d8716ac50a356cea736c29bb7db5ac3d0190 - < abf3b222614f49f98e606fccdd269161c0d70204` affected `de55d8716ac50a356cea736c29bb7db5ac3d0190 - < 368e68ad6da4317fc4170e8d92b51c13d1bfe7a7` +3 more versions
Linux	Linux	affected `3.5` unaffected `0 - < 3.5` unaffected `4.14.283 - <= 4.14.` unaffected `4.19.247 - <= 4.19.` unaffected `5.4.198 - <= 5.4.*` +5 more versions