CVE-2022-49825

In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tport_add() In ata_tport_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, because transport_remove_device() is called to remove the device that was not added. Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 CPU: 12 PID: 13605 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #8 pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : device_del+0x48/0x39c lr : device_del+0x44/0x39c Call trace: device_del+0x48/0x39c attribute_container_class_device_del+0x28/0x40 transport_remove_classdev+0x60/0x7c attribute_container_device_trigger+0x118/0x120 transport_remove_device+0x20/0x30 ata_tport_delete+0x34/0x60 [libata] ata_port_detach+0x148/0x1b0 [libata] ata_pci_remove_one+0x50/0x80 [libata] ahci_remove_one+0x4c/0x8c [ahci] Fix this by checking and handling return value of transport_add_device() in ata_tport_add().

The following products are affected by CVE-2022-49825 vulnerability.

No data.

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-49825.

URL	Resource
https://git.kernel.org/stable/c/3613dbe3909dcc637fe6be00e4dc43b4aa0470ee
https://git.kernel.org/stable/c/52d9bb0adae9359711a0c5271430afd3754069e7
https://git.kernel.org/stable/c/b5362dc1634d8b8d5f30920f33ac11a3276b7ed9
https://git.kernel.org/stable/c/e7bb1b7a7bf26f6b7372b7b683daece4a42fda02
https://lore.kernel.org/linux-cve-announce/2025050134-CVE-2022-49825-38fd@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-49825
https://www.cve.org/CVERecord?id=CVE-2022-49825