vulnerability

Debian: CVE-2022-49376: linux -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:N/I:N/A:C)	2025-02-27	2025-02-27	2025-04-16

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

2025-02-27

Added

2025-02-27

Modified

2025-04-16

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: sd: Fix potential NULL pointer dereference

If sd_probe() sees an early error before sdkp->device is initialized,
sd_zbc_release_disk() is called. This causes a NULL pointer dereference
when sd_is_zoned() is called inside that function. Avoid this by removing
the call to sd_zbc_release_disk() in sd_probe() error path.

This change is safe and does not result in zone information memory leakage
because the zone information for a zoned disk is allocated only when
sd_revalidate_disk() is called, at which point sdkp->disk_dev is fully set,
resulting in sd_disk_release() being called when needed to cleanup a disk
zone information using sd_zbc_release_disk().

Solution

debian-upgrade-linux

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today