CVE-2022-49029

hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MITRE

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails

Smatch report warning as follows:

drivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn:
'&data->list' not removed from list

If ibmpex_find_sensors() fails in ibmpex_register_bmc(), data will
be freed, but data->list will not be removed from driver_data.bmc_data,
then list traversal may cause UAF.

Fix by removeing it from driver_data.bmc_data before free().

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-08-22 CVE Reserved
2024-10-21 CVE Published
2024-10-21 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/f2a13196ad41c6c2ab058279dffe6c97292e753a	2022-12-08
https://git.kernel.org/stable/c/798198273bf86673b970b51acdb35e57f42b3fcb	2022-12-08
https://git.kernel.org/stable/c/24b9633f7db7f4809be7053df1d2e117e7c2de10	2022-12-08
https://git.kernel.org/stable/c/7b2b67fe1339389e0bf3c37c7a677a004ac0e4e3	2022-12-08
https://git.kernel.org/stable/c/90907cd4d11351ff76c9a447bcb5db0e264c47cd	2022-12-08
https://git.kernel.org/stable/c/45f6e81863747c0d7bc6a95ec51129900e71467a	2022-12-08
https://git.kernel.org/stable/c/e65cfd1f9cd27d9c27ee5cb88128a9f79f25d863	2022-12-08
https://git.kernel.org/stable/c/e2a87785aab0dac190ac89be6a9ba955e2c634f2	2022-11-20

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.24 < 4.9.335 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.24 < 4.9.335"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.24 < 4.14.301 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.24 < 4.14.301"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.24 < 4.19.268 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.24 < 4.19.268"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.24 < 5.4.226 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.24 < 5.4.226"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.24 < 5.10.158 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.24 < 5.10.158"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.24 < 5.15.82 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.24 < 5.15.82"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.24 < 6.0.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.24 < 6.0.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.24 < 6.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.24 < 6.1"		en		Affected