{"id":"CVE-2022-49826","summary":"ata: libata-transport: fix double ata_host_put() in ata_tport_add()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-transport: fix double ata_host_put() in ata_tport_add()\n\nIn the error path in ata_tport_add(), when calling put_device(),\nata_tport_release() is called, it will put the refcount of 'ap-\u003ehost'.\n\nAnd then ata_host_put() is called again, the refcount is decreased\nto 0, ata_host_release() is called, all ports are freed and set to\nnull.\n\nWhen unbinding the device after failure, ata_host_stop() is called\nto release the resources, it leads a null-ptr-deref(), because all\nthe ports all freed and null.\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000008\nCPU: 7 PID: 18671 Comm: modprobe Kdump: loaded Tainted: G            E      6.1.0-rc3+ #8\npstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : ata_host_stop+0x3c/0x84 [libata]\nlr : release_nodes+0x64/0xd0\nCall trace:\n ata_host_stop+0x3c/0x84 [libata]\n release_nodes+0x64/0xd0\n devres_release_all+0xbc/0x1b0\n device_unbind_cleanup+0x20/0x70\n really_probe+0x158/0x320\n __driver_probe_device+0x84/0x120\n driver_probe_device+0x44/0x120\n __driver_attach+0xb4/0x220\n bus_for_each_dev+0x78/0xdc\n driver_attach+0x2c/0x40\n bus_add_driver+0x184/0x240\n driver_register+0x80/0x13c\n __pci_register_driver+0x4c/0x60\n ahci_pci_driver_init+0x30/0x1000 [ahci]\n\nFix this by removing redundant ata_host_put() in the error path.","modified":"2026-04-03T13:14:50.960143Z","published":"2025-05-01T14:09:46.145Z","related":["SUSE-SU-2025:01918-1","SUSE-SU-2025:01966-1","SUSE-SU-2025:01982-1","SUSE-SU-2025:01983-1","SUSE-SU-2025:01995-1","SUSE-SU-2025:02173-1","SUSE-SU-2025:02262-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49826.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/30e12e2be27ac6c4be2af4163c70db381364706f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/377ff82c33c0cb74562a353361b64b33c09562cf"},{"type":"WEB","url":"https://git.kernel.org/stable/c/865a6da40ba092c18292ae5f6194756131293745"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8c76310740807ade5ecdab5888f70ecb6d35732e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ac471468f7c16cda2525909946ca13ddbcd14000"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bec9ded5404cb14e5f5470103d0973a2ff83d6a5"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49826.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49826"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2623c7a5f2799569d8bb05eb211da524a8144cb3"},{"fixed":"30e12e2be27ac6c4be2af4163c70db381364706f"},{"fixed":"bec9ded5404cb14e5f5470103d0973a2ff83d6a5"},{"fixed":"ac471468f7c16cda2525909946ca13ddbcd14000"},{"fixed":"377ff82c33c0cb74562a353361b64b33c09562cf"},{"fixed":"865a6da40ba092c18292ae5f6194756131293745"},{"fixed":"8c76310740807ade5ecdab5888f70ecb6d35732e"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49826.json"}}],"schema_version":"1.7.5"}