CVE-2022-49262

26.02.2025, 07:01

In the Linux kernel, the following vulnerability has been resolved:

crypto: octeontx2 - remove CONFIG_DM_CRYPT check

No issues were found while using the driver with dm-crypt enabled. So
CONFIG_DM_CRYPT check in the driver can be removed.

This also fixes the NULL pointer dereference in driver release if
CONFIG_DM_CRYPT is enabled.

...
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
...
Call trace:
 crypto_unregister_alg+0x68/0xfc
 crypto_unregister_skciphers+0x44/0x60
 otx2_cpt_crypto_exit+0x100/0x1a0
 otx2_cptvf_remove+0xf8/0x200
 pci_device_remove+0x3c/0xd4
 __device_release_driver+0x188/0x234
 device_release_driver+0x2c/0x4c
...

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bullseye (security)	5.10.234-1 fixed
bookworm	6.1.123-1 fixed
bookworm (security)	6.1.128-1 fixed
trixie	6.12.12-1 fixed
sid	6.12.16-1 fixed

References

https://git.kernel.org/stable/c/2d841af23ae8f398c85dd1ff2dc24b5ec8ba4569

https://git.kernel.org/stable/c/a1bf728f3388ac3a2c2dffa57e25622e90b9f6f2

https://git.kernel.org/stable/c/a462214866eebbca87e13ff6d73092b1c4895624

https://git.kernel.org/stable/c/e6374086f249295121384bfaa7cdcc8d461146f0