CVE-2022-49308 Information

Description

In the Linux kernel the following vulnerability has been resolved:

extcon: Modify extcon device to be created after driver data is set

Currently someone can invoke the sysfs such as state_show() intermittently before dev_set_drvdata() is done. And it can be a cause of kernel Oops because edev is NULL at that time. So the driver registration is modified to happen after setting the driver data.

  • Oops’s backtrace.

Backtrace:
[] (state_show) from [] (dev_attr_show)
[] (dev_attr_show) from [] (sysfs_kf_seq_show)
[] (sysfs_kf_seq_show) from [] (kernfs_seq_show)
[] (kernfs_seq_show) from [] (seq_read)
[] (seq_read) from [] (kernfs_fop_read)
[] (kernfs_fop_read) from [] (__vfs_read)
[] (__vfs_read) from [] (vfs_read)
[] (vfs_read) from [] (ksys_read)
[] (ksys_read) from [] (sys_read)
[] (sys_read) from [] (__sys_trace_return)
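The ordering problem described above, as an added userspace model that is not the kernel's code or the fix commit. Every `model_*` name is a hypothetical stand-in, and a return value of -1 marks the point where the real state_show() would dereference a NULL edev.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model only: all model_* names are hypothetical, not kernel APIs. */
struct model_edev { int state; };
struct model_dev {
    void *drvdata;   /* what dev_set_drvdata() would store */
    int visible;     /* 1 once the sysfs attribute can be read */
};

/* Models the attribute read. -2: not reachable yet, -1: NULL edev (Oops). */
static int model_state_show(const struct model_dev *dev)
{
    const struct model_edev *edev = dev->drvdata;
    if (!dev->visible)
        return -2;
    if (edev == NULL)
        return -1;   /* the real handler would dereference NULL here */
    return edev->state;
}

static void model_set_drvdata(struct model_dev *dev, void *data)
{
    dev->drvdata = data;
}

/* Registration publishes the attribute; the earliest possible reader is
 * modelled as running immediately, before registration returns. */
static int model_register(struct model_dev *dev)
{
    dev->visible = 1;
    return model_state_show(dev);
}

/* Order before the fix: register first, set driver data afterwards. */
int read_with_old_order(void)
{
    struct model_edev edev = { .state = 1 };   /* constructed sample state */
    struct model_dev dev = { NULL, 0 };
    int seen = model_register(&dev);           /* reader sees NULL drvdata */
    model_set_drvdata(&dev, &edev);
    return seen;
}

/* Order after the fix: set driver data first, then register. */
int read_with_new_order(void)
{
    struct model_edev edev = { .state = 1 };   /* constructed sample state */
    struct model_dev dev = { NULL, 0 };
    model_set_drvdata(&dev, &edev);
    return model_register(&dev);               /* reader sees valid edev */
}

int main(void)
{
    printf("old order: %d, new order: %d\n",
           read_with_old_order(), read_with_new_order());
    return 0;
}
```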

Reference

https://git.kernel.org/stable/c/033ec4e7e59ae5e1ef1e8c10bc6552926044ed1c
https://git.kernel.org/stable/c/35ff1ac55d301efb3f467cf5426faaeb3452994b
https://git.kernel.org/stable/c/368e68ad6da4317fc4170e8d92b51c13d1bfe7a7
https://git.kernel.org/stable/c/5dcc2afe716d69f5112ce035cb14f007461ff189
https://git.kernel.org/stable/c/6e721f3ad0535b24f19a62420f4da95212cf069c
https://git.kernel.org/stable/c/abf3b222614f49f98e606fccdd269161c0d70204
https://git.kernel.org/stable/c/cb81ea998c461868d1168411a867d8ffee12f23f
https://git.kernel.org/stable/c/d472c78cc82999d07bd09193a6718016ce9cd386
