{"id":"CVE-2022-49839","summary":"scsi: scsi_transport_sas: Fix error handling in sas_phy_add()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_transport_sas: Fix error handling in sas_phy_add()\n\nIf transport_add_device() fails in sas_phy_add(), the kernel will crash\ntrying to delete the device in transport_remove_device() called from\nsas_remove_host().\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000108\nCPU: 61 PID: 42829 Comm: rmmod Kdump: loaded Tainted: G        W          6.1.0-rc1+ #173\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : device_del+0x54/0x3d0\nlr : device_del+0x37c/0x3d0\nCall trace:\n device_del+0x54/0x3d0\n attribute_container_class_device_del+0x28/0x38\n transport_remove_classdev+0x6c/0x80\n attribute_container_device_trigger+0x108/0x110\n transport_remove_device+0x28/0x38\n sas_phy_delete+0x30/0x60 [scsi_transport_sas]\n do_sas_phy_delete+0x6c/0x80 [scsi_transport_sas]\n device_for_each_child+0x68/0xb0\n sas_remove_children+0x40/0x50 [scsi_transport_sas]\n sas_remove_host+0x20/0x38 [scsi_transport_sas]\n hisi_sas_remove+0x40/0x68 [hisi_sas_main]\n hisi_sas_v2_remove+0x20/0x30 [hisi_sas_v2_hw]\n platform_remove+0x2c/0x60\n\nFix this by checking and handling return value of transport_add_device()\nin sas_phy_add().","modified":"2026-04-03T13:14:38.072659Z","published":"2025-05-01T14:09:55.599Z","related":["SUSE-SU-2025:01918-1","SUSE-SU-2025:01966-1","SUSE-SU-2025:01982-1","SUSE-SU-2025:01995-1","SUSE-SU-2025:02173-1","SUSE-SU-2025:02262-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49839.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/03aabcb88aeeb7221ddb6196ae84ad5fb17b743f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2f21d653c648735657e23948b1d7ac7273de0f87"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5d7bebf2dfb0dc97aac1fbace0910e557ecdb16f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c736876ee294bb4f271d76a25cc7d70c8537bc5d"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49839.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49839"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c7ebbbce366c02e5657ac6b6059933fe0353b175"},{"fixed":"03aabcb88aeeb7221ddb6196ae84ad5fb17b743f"},{"fixed":"2f21d653c648735657e23948b1d7ac7273de0f87"},{"fixed":"c736876ee294bb4f271d76a25cc7d70c8537bc5d"},{"fixed":"5d7bebf2dfb0dc97aac1fbace0910e557ecdb16f"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49839.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}