NULL Pointer Dereference in Linux Kernel's ata_host_alloc_pinfo Function
CVE-2022-49731

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 26 February 2025

Summary

A vulnerability exists in the Linux kernel related to the ata_host_alloc_pinfo function, where a NULL pointer dereference may occur if the 'ppi' parameter erroneously points to an array starting with a NULL. This situation could lead to a kernel oops and potential system instability. The issue has been addressed by ensuring that the 'pi' local variable is initialized to a non-NULL reference, thereby preventing the malfunction and enhancing the robustness of the kernel. This vulnerability was identified by the Linux Verification Center using static analysis tools.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1ac5efee33f29e704226506d429b84575a5d66f8

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/ca4693e6e06e4fd2b240c0fec...

https://git.kernel.org/stable/c/1ac5efee33f29e704226506d4...

https://git.kernel.org/stable/c/a810bd5af06977a847d1f202b...

Timeline

Vulnerability published
Feb 26, 2025
Vulnerability Reserved
Feb 26, 2025