{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-49826","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-05-01T14:05:17.228Z","datePublished":"2025-05-01T14:09:46.145Z","dateUpdated":"2026-05-11T19:07:31.213Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:07:31.213Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-transport: fix double ata_host_put() in ata_tport_add()\n\nIn the error path in ata_tport_add(), when calling put_device(),\nata_tport_release() is called, it will put the refcount of 'ap->host'.\n\nAnd then ata_host_put() is called again, the refcount is decreased\nto 0, ata_host_release() is called, all ports are freed and set to\nnull.\n\nWhen unbinding the device after failure, ata_host_stop() is called\nto release the resources, it leads a null-ptr-deref(), because all\nthe ports all freed and null.\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000008\nCPU: 7 PID: 18671 Comm: modprobe Kdump: loaded Tainted: G            E      6.1.0-rc3+ #8\npstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : ata_host_stop+0x3c/0x84 [libata]\nlr : release_nodes+0x64/0xd0\nCall trace:\n ata_host_stop+0x3c/0x84 [libata]\n release_nodes+0x64/0xd0\n devres_release_all+0xbc/0x1b0\n device_unbind_cleanup+0x20/0x70\n really_probe+0x158/0x320\n __driver_probe_device+0x84/0x120\n driver_probe_device+0x44/0x120\n __driver_attach+0xb4/0x220\n bus_for_each_dev+0x78/0xdc\n driver_attach+0x2c/0x40\n bus_add_driver+0x184/0x240\n driver_register+0x80/0x13c\n __pci_register_driver+0x4c/0x60\n ahci_pci_driver_init+0x30/0x1000 [ahci]\n\nFix this by removing redundant ata_host_put() in the error path."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/ata/libata-transport.c"],"versions":[{"version":"2623c7a5f2799569d8bb05eb211da524a8144cb3","lessThan":"30e12e2be27ac6c4be2af4163c70db381364706f","status":"affected","versionType":"git"},{"version":"2623c7a5f2799569d8bb05eb211da524a8144cb3","lessThan":"bec9ded5404cb14e5f5470103d0973a2ff83d6a5","status":"affected","versionType":"git"},{"version":"2623c7a5f2799569d8bb05eb211da524a8144cb3","lessThan":"ac471468f7c16cda2525909946ca13ddbcd14000","status":"affected","versionType":"git"},{"version":"2623c7a5f2799569d8bb05eb211da524a8144cb3","lessThan":"377ff82c33c0cb74562a353361b64b33c09562cf","status":"affected","versionType":"git"},{"version":"2623c7a5f2799569d8bb05eb211da524a8144cb3","lessThan":"865a6da40ba092c18292ae5f6194756131293745","status":"affected","versionType":"git"},{"version":"2623c7a5f2799569d8bb05eb211da524a8144cb3","lessThan":"8c76310740807ade5ecdab5888f70ecb6d35732e","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/ata/libata-transport.c"],"versions":[{"version":"4.17","status":"affected"},{"version":"0","lessThan":"4.17","status":"unaffected","versionType":"semver"},{"version":"4.19.267","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.225","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.156","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.80","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.0.10","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"4.19.267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"5.4.225"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"5.10.156"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"5.15.80"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"6.0.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"6.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/30e12e2be27ac6c4be2af4163c70db381364706f"},{"url":"https://git.kernel.org/stable/c/bec9ded5404cb14e5f5470103d0973a2ff83d6a5"},{"url":"https://git.kernel.org/stable/c/ac471468f7c16cda2525909946ca13ddbcd14000"},{"url":"https://git.kernel.org/stable/c/377ff82c33c0cb74562a353361b64b33c09562cf"},{"url":"https://git.kernel.org/stable/c/865a6da40ba092c18292ae5f6194756131293745"},{"url":"https://git.kernel.org/stable/c/8c76310740807ade5ecdab5888f70ecb6d35732e"}],"title":"ata: libata-transport: fix double ata_host_put() in ata_tport_add()","x_generator":{"engine":"bippy-1.2.0"}}}}