NVD

CVE-2022-49029 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails Smatch report warning as follows: drivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn: '&data->list' not removed from list If ibmpex_find_sensors() fails in ibmpex_register_bmc(), data will be freed, but data->list will not be removed from driver_data.bmc_data, then list traversal may cause UAF. Fix by removeing it from driver_data.bmc_data before free().

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: 7.8 HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://git.kernel.org/stable/c/24b9633f7db7f4809be7053df1d2e117e7c2de10	kernel.org	Patch
https://git.kernel.org/stable/c/45f6e81863747c0d7bc6a95ec51129900e71467a	kernel.org	Patch
https://git.kernel.org/stable/c/798198273bf86673b970b51acdb35e57f42b3fcb	kernel.org	Patch
https://git.kernel.org/stable/c/7b2b67fe1339389e0bf3c37c7a677a004ac0e4e3	kernel.org	Patch
https://git.kernel.org/stable/c/90907cd4d11351ff76c9a447bcb5db0e264c47cd	kernel.org	Patch
https://git.kernel.org/stable/c/e2a87785aab0dac190ac89be6a9ba955e2c634f2	kernel.org	Patch
https://git.kernel.org/stable/c/e65cfd1f9cd27d9c27ee5cb88128a9f79f25d863	kernel.org	Patch
https://git.kernel.org/stable/c/f2a13196ad41c6c2ab058279dffe6c97292e753a	kernel.org	Patch

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-416	Use After Free	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

2 change records found show changes

Initial Analysis by NIST 10/24/2024 11:59:48 AM

Action	Type	Old Value	New Value
Added	CVSS V3.1		NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Added	CWE		NIST CWE-416
Added	CPE Configuration		OR cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 2.6.24 up to (excluding) 4.9.335 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 4.10 up to (excluding) 4.14.301 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 4.15 up to (excluding) 4.19.268 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 4.20 up to (excluding) 5.4.226 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.5 up to (excluding) 5.10.158 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.11 up to (excluding) 5.15.82 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.16 up to (excluding) 6.0.12 cpe:2.3:o:linux:linux_kernel:6.1:rc1::::::* cpe:2.3:o:linux:linux_kernel:6.1:rc2::::::* cpe:2.3:o:linux:linux_kernel:6.1:rc3::::::* cpe:2.3:o:linux:linux_kernel:6.1:rc4::::::* cpe:2.3:o:linux:linux_kernel:6.1:rc5::::::* cpe:2.3:o:linux:linux_kernel:6.1:rc6::::::* cpe:2.3:o:linux:linux_kernel:6.1:rc7::::::*
Changed	Reference Type	https://git.kernel.org/stable/c/24b9633f7db7f4809be7053df1d2e117e7c2de10 No Types Assigned	https://git.kernel.org/stable/c/24b9633f7db7f4809be7053df1d2e117e7c2de10 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/45f6e81863747c0d7bc6a95ec51129900e71467a No Types Assigned	https://git.kernel.org/stable/c/45f6e81863747c0d7bc6a95ec51129900e71467a Patch
Changed	Reference Type	https://git.kernel.org/stable/c/798198273bf86673b970b51acdb35e57f42b3fcb No Types Assigned	https://git.kernel.org/stable/c/798198273bf86673b970b51acdb35e57f42b3fcb Patch
Changed	Reference Type	https://git.kernel.org/stable/c/7b2b67fe1339389e0bf3c37c7a677a004ac0e4e3 No Types Assigned	https://git.kernel.org/stable/c/7b2b67fe1339389e0bf3c37c7a677a004ac0e4e3 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/90907cd4d11351ff76c9a447bcb5db0e264c47cd No Types Assigned	https://git.kernel.org/stable/c/90907cd4d11351ff76c9a447bcb5db0e264c47cd Patch
Changed	Reference Type	https://git.kernel.org/stable/c/e2a87785aab0dac190ac89be6a9ba955e2c634f2 No Types Assigned	https://git.kernel.org/stable/c/e2a87785aab0dac190ac89be6a9ba955e2c634f2 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/e65cfd1f9cd27d9c27ee5cb88128a9f79f25d863 No Types Assigned	https://git.kernel.org/stable/c/e65cfd1f9cd27d9c27ee5cb88128a9f79f25d863 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/f2a13196ad41c6c2ab058279dffe6c97292e753a No Types Assigned	https://git.kernel.org/stable/c/f2a13196ad41c6c2ab058279dffe6c97292e753a Patch

New CVE Received from kernel.org 10/21/2024 4:15:13 PM

Action	Type	New Value
Added	Description	In the Linux kernel, the following vulnerability has been resolved: hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails Smatch report warning as follows: drivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn: '&data->list' not removed from list If ibmpex_find_sensors() fails in ibmpex_register_bmc(), data will be freed, but data->list will not be removed from driver_data.bmc_data, then list traversal may cause UAF. Fix by removeing it from driver_data.bmc_data before free().
Added	Reference	kernel.org https://git.kernel.org/stable/c/24b9633f7db7f4809be7053df1d2e117e7c2de10 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/45f6e81863747c0d7bc6a95ec51129900e71467a [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/798198273bf86673b970b51acdb35e57f42b3fcb [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/7b2b67fe1339389e0bf3c37c7a677a004ac0e4e3 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/90907cd4d11351ff76c9a447bcb5db0e264c47cd [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/e2a87785aab0dac190ac89be6a9ba955e2c634f2 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/e65cfd1f9cd27d9c27ee5cb88128a9f79f25d863 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/f2a13196ad41c6c2ab058279dffe6c97292e753a [No types assigned]

Quick Info

CVE Dictionary Entry:
CVE-2022-49029
NVD Published Date:
10/21/2024
NVD Last Modified:
10/24/2024
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2022-49029 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

Initial Analysis by NIST 10/24/2024 11:59:48 AM

New CVE Received from kernel.org 10/21/2024 4:15:13 PM

Quick Info