CVE - CVE-2022-49257

CVE-ID
CVE-2022-49257	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: watch_queue: Fix NULL dereference in error cleanup In watch_queue_set_size(), the error cleanup code doesn't take account of the fact that __free_page() can't handle a NULL pointer when trying to free up buffer pages that did get allocated. Fix this by only calling __free_page() on the pages actually allocated. Without the fix, this can lead to something like the following: BUG: KASAN: null-ptr-deref in __free_pages+0x1f/0x1b0 mm/page_alloc.c:5473 Read of size 4 at addr 0000000000000034 by task syz-executor168/3599 ... Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 __kasan_report mm/kasan/report.c:446 [inline] kasan_report.cold+0x66/0xdf mm/kasan/report.c:459 check_region_inline mm/kasan/generic.c:183 [inline] kasan_check_range+0x13d/0x180 mm/kasan/generic.c:189 instrument_atomic_read include/linux/instrumented.h:71 [inline] atomic_read include/linux/atomic/atomic-instrumented.h:27 [inline] page_ref_count include/linux/page_ref.h:67 [inline] put_page_testzero include/linux/mm.h:717 [inline] __free_pages+0x1f/0x1b0 mm/page_alloc.c:5473 watch_queue_set_size+0x499/0x630 kernel/watch_queue.c:275 pipe_ioctl+0xac/0x2b0 fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/112a2f9b0a8457794095a0450598f150724ec456 URL:https://git.kernel.org/stable/c/112a2f9b0a8457794095a0450598f150724ec456 MISC:https://git.kernel.org/stable/c/5ae75b4ed30322b42abaa75ef1b784addfdb7dc9 URL:https://git.kernel.org/stable/c/5ae75b4ed30322b42abaa75ef1b784addfdb7dc9 MISC:https://git.kernel.org/stable/c/695c47cea02b9101e2fc2e7d36d552128592b347 URL:https://git.kernel.org/stable/c/695c47cea02b9101e2fc2e7d36d552128592b347 MISC:https://git.kernel.org/stable/c/a635415a064e77bcfbf43da413fd9dfe0bbed9cb URL:https://git.kernel.org/stable/c/a635415a064e77bcfbf43da413fd9dfe0bbed9cb MISC:https://git.kernel.org/stable/c/b6f5ad3e45d19f9c4ee3e8a2aff829f28d68591d URL:https://git.kernel.org/stable/c/b6f5ad3e45d19f9c4ee3e8a2aff829f28d68591d
Assigning CNA
kernel.org
Date Record Created
20250226	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250226)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)