CVE-2022-49895

Published: May 1, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix decoder allocation crash When an intermediate port's decoders have been exhausted by existing regions, and creating a new region with the port in question in it's hierarchical path is attempted, cxl_port_attach_region() fails to find a port decoder (as would be expected), and drops into the failure / cleanup path. However, during cleanup of the region reference, a sanity check attempts to dereference the decoder, which in the above case didn't exist. This causes a NULL pointer dereference BUG. To fix this, refactor the decoder allocation and de-allocation into helper routines, and in this 'free' routine, check that the decoder, @cxld, is valid before attempting any operations on it.

Vendor	Product	Versions
Linux	Linux	affected `384e624bb211b406db40edc900bb51af8bb267d0 - < c6813b5610ac53af73edd87a660d23a0511faa47` affected `384e624bb211b406db40edc900bb51af8bb267d0 - < 71ee71d7adcba648077997a29a91158d20c40b09`
Linux	Linux	affected `6.0` unaffected `0 - < 6.0` unaffected `6.0.8 - <= 6.0.` unaffected `6.1 - <= `

References

https://git.kernel.org/stable/c/c6813b5610ac53af73edd87a660d23a0511faa47

https://git.kernel.org/stable/c/71ee71d7adcba648077997a29a91158d20c40b09

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-49895

Description

Affected Products

References