CVE-2022-49308

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: extcon: Modify extcon device to be created after driver data is set Currently, someone can invoke the sysfs such as state_show() intermittently before dev_set_drvdata() is done. And it can be a cause of kernel Oops because of edev is Null at that time. So modified the driver registration to after setting drviver data. - Oops's backtrace. Backtrace: [<c067865c>] (state_show) from [<c05222e8>] (dev_attr_show) [<c05222c0>] (dev_attr_show) from [<c02c66e0>] (sysfs_kf_seq_show) [<c02c6648>] (sysfs_kf_seq_show) from [<c02c496c>] (kernfs_seq_show) [<c02c4938>] (kernfs_seq_show) from [<c025e2a0>] (seq_read) [<c025e11c>] (seq_read) from [<c02c50a0>] (kernfs_fop_read) [<c02c5064>] (kernfs_fop_read) from [<c0231cac>] (__vfs_read) [<c0231c5c>] (__vfs_read) from [<c0231ee0>] (vfs_read) [<c0231e34>] (vfs_read) from [<c0232464>] (ksys_read) [<c02323f0>] (ksys_read) from [<c02324fc>] (sys_read) [<c02324e4>] (sys_read) from [<c00091d0>] (__sys_trace_return)

CVSS Score

Affected Products

References

• https://git.kernel.org/stable/c/033ec4e7e59ae5e1ef1e8c10bc6552926044ed1cPatch
• https://git.kernel.org/stable/c/35ff1ac55d301efb3f467cf5426faaeb3452994bPatch
• https://git.kernel.org/stable/c/368e68ad6da4317fc4170e8d92b51c13d1bfe7a7Patch
• https://git.kernel.org/stable/c/5dcc2afe716d69f5112ce035cb14f007461ff189Patch
• https://git.kernel.org/stable/c/6e721f3ad0535b24f19a62420f4da95212cf069cPatch
• https://git.kernel.org/stable/c/abf3b222614f49f98e606fccdd269161c0d70204Patch
• https://git.kernel.org/stable/c/cb81ea998c461868d1168411a867d8ffee12f23fPatch
• https://git.kernel.org/stable/c/d472c78cc82999d07bd09193a6718016ce9cd386Patch