CVE-2022-49376
Published: Feb 26, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: scsi: sd: Fix potential NULL pointer dereference If sd_probe() sees an early error before sdkp->device is initialized, sd_zbc_release_disk() is called. This causes a NULL pointer dereference when sd_is_zoned() is called inside that function. Avoid this by removing the call to sd_zbc_release_disk() in sd_probe() error path. This change is safe and does not result in zone information memory leakage because the zone information for a zoned disk is allocated only when sd_revalidate_disk() is called, at which point sdkp->disk_dev is fully set, resulting in sd_disk_release() being called when needed to cleanup a disk zone information using sd_zbc_release_disk().
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 89d9475610771b5e5fe1879075f0fc9ba6e3755f - < c1f0187025905e9981000d44a92e159468b561a8affected 89d9475610771b5e5fe1879075f0fc9ba6e3755f - < 0fcb0b131cc90c8f523a293d84c58d0c7273c96faffected 89d9475610771b5e5fe1879075f0fc9ba6e3755f - < 78f8e96df06e2d04d82d4071c299b59d28744f47affected 89d9475610771b5e5fe1879075f0fc9ba6e3755f - < 3733439593ad12f7b54ae35c273ea6f15d692de3affected 89d9475610771b5e5fe1879075f0fc9ba6e3755f - < 05fbde3a77a4f1d62e4c4428f384288c1f1a0be5 |
Linux | Linux | affected 4.10unaffected 0 - < 4.10unaffected 5.10.122 - <= 5.10.*unaffected 5.15.47 - <= 5.15.*unaffected 5.17.15 - <= 5.17.*+2 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now