CVE-2022-49492

MEDIUM 5.5

nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags

CVSS Score

5.5

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags In nvme_alloc_admin_tags, the admin_q can be set to an error (typically -ENOMEM) if the blk_mq_init_queue call fails to set up the queue, which is checked immediately after the call. However, when we return the error message up the stack, to nvme_reset_work the error takes us to nvme_remove_dead_ctrl() nvme_dev_disable() nvme_suspend_queue(&dev->queues[0]). Here, we only check that the admin_q is non-NULL, rather than not an error or NULL, and begin quiescing a queue that never existed, leading to bad / NULL pointer dereference.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Feb 26, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new medium vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

35b489d32fcc37e8735f41aa794b24cf9d1e74f5 < 8321b17789f614414206af07e17ce4751c95dc76 35b489d32fcc37e8735f41aa794b24cf9d1e74f5 < 9e649471b396fa0139d53919354ce1eace9b9a24 35b489d32fcc37e8735f41aa794b24cf9d1e74f5 < 8da2b7bdb47e94bbc4062a3978c708926bcb022c 35b489d32fcc37e8735f41aa794b24cf9d1e74f5 < f76729662650cd7bc8f8194e057af381370349a7 35b489d32fcc37e8735f41aa794b24cf9d1e74f5 < af98940dd33c9f9e1beb4f71c0a39260100e2a65 35b489d32fcc37e8735f41aa794b24cf9d1e74f5 < 906c81dba8ee8057523859b5e1a2479e9fd34860 35b489d32fcc37e8735f41aa794b24cf9d1e74f5 < 7a28556082d1fbcbc599baf1c24252dfc73efefc 35b489d32fcc37e8735f41aa794b24cf9d1e74f5 < 54a4c1e47d1b2585e74920399455bd9abbfb2bd7 35b489d32fcc37e8735f41aa794b24cf9d1e74f5 < da42761181627e9bdc37d18368b827948a583929

Linux / Linux

3.19

References

NVD ↗ CVE.org ↗ EPSS Data ↗