VYPR
Unrated severityNVD Advisory· Published Oct 21, 2024· Updated May 4, 2025

hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails

CVE-2022-49029

Description

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails

Smatch report warning as follows:

drivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn: '&data->list' not removed from list

If ibmpex_find_sensors() fails in ibmpex_register_bmc(), data will be freed, but data->list will not be removed from driver_data.bmc_data, then list traversal may cause UAF.

Fix by removeing it from driver_data.bmc_data before free().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

134

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.