CVE-2022-49029

hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails

Description

In the Linux kernel, the following vulnerability has been resolved: hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails Smatch report warning as follows: drivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn: '&data->list' not removed from list If ibmpex_find_sensors() fails in ibmpex_register_bmc(), data will be freed, but data->list will not be removed from driver_data.bmc_data, then list traversal may cause UAF. Fix by removeing it from driver_data.bmc_data before free().

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/f2a13196ad41c6c2ab058279dffe6c97292e753a patch
https://git.kernel.org/stable/c/798198273bf86673b970b51acdb35e57f42b3fcb patch
https://git.kernel.org/stable/c/24b9633f7db7f4809be7053df1d2e117e7c2de10 patch
https://git.kernel.org/stable/c/7b2b67fe1339389e0bf3c37c7a677a004ac0e4e3 patch
https://git.kernel.org/stable/c/90907cd4d11351ff76c9a447bcb5db0e264c47cd patch
https://git.kernel.org/stable/c/45f6e81863747c0d7bc6a95ec51129900e71467a patch
https://git.kernel.org/stable/c/e65cfd1f9cd27d9c27ee5cb88128a9f79f25d863 patch
https://git.kernel.org/stable/c/e2a87785aab0dac190ac89be6a9ba955e2c634f2 patch

Frequently Asked Questions

What is the severity of CVE-2022-49029?
CVE-2022-49029 has been scored as a high severity vulnerability.
How to fix CVE-2022-49029?
To fix CVE-2022-49029, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49029 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49029 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49029?
CVE-2022-49029 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.