Null Pointer Dereference in IBM Power 9 Linux Kernel SCSI Driver
CVE-2022-49703

5.5MEDIUM

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
26 February 2025

What is CVE-2022-49703?

A vulnerability in the Linux kernel's SCSI driver for IBM Power 9 hardware can lead to a null pointer dereference under specific circumstances. During the allocation of sub-channel request queues (subcrqs), the back pointer from the queue to the vhost adapter is not assigned until after registering interrupt requests. This could result in a crash if a pending subcrq interrupt is replayed upon IRQ registration, allowing the kernel to attempt to read from an invalid memory address. This problem was particularly noted during kexec/kdump scenarios. Implementing a fix ensures that the back pointer is correctly set during initial allocation, mitigating the risk of dereferencing invalid memory and preventing the potential crash.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 3034ebe26389740bb6b4a463e05afb51dc93c336 < 8540f66196ca35b7b5e902932571c18b9fde0cd1

Linux 3034ebe26389740bb6b4a463e05afb51dc93c336 < 6d38e3b614ded59da8b95377a98df969a5a5627a

Linux 3034ebe26389740bb6b4a463e05afb51dc93c336

References

https://git.kernel.org/stable/c/8540f66196ca35b7b5e902932...
https://git.kernel.org/stable/c/6d38e3b614ded59da8b95377a...
https://git.kernel.org/stable/c/aeaadcde1a60138bceb65de3c...

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.