CVE-2022-49805 Information

Description

In the Linux kernel the following vulnerability has been resolved:

net: lan966x: Fix potential null-ptr-deref in lan966x_stats_init()

lan966x_stats_init() calls create_singlethread_workqueue() and not checked the ret value which may return NULL. And a null-ptr-deref may happen:

lan966x_stats_init() create_singlethread_workqueue() failed lan966x->stats_queue is NULL queue_delayed_work() queue_delayed_work_on() __queue_delayed_work() warning here but continue __queue_work() access wq->flags null-ptr-deref

Check the ret value and return -ENOMEM if it is NULL.

Reference

https://git.kernel.org/stable/c/4a43c1c6040e848e1344c7b16ac696b68fbc439c https://git.kernel.org/stable/c/ba86af3733aece88dbcee0dfebf7e2dcfefb2be4