Lucene search

LinuxCVE-2022-48908

HistoryAug 22, 2024 - 2:15 a.m.

CVE-2022-48908

2024-08-2202:15:05

CWE-476

Linux

web.nvd.nist.gov

linux kernel

net vulnerability

arcnet

com20020

null pointer dereference

driver initialization

cve-2022-48908

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()

During driver initialization, the pointer of card info, i.e. the
variable ‘ci’ is required. However, the definition of
‘com20020pci_id_table’ reveals that this field is empty for some
devices, which will cause null pointer dereference when initializing
these devices.

The following log reveals it:

[ 3.973806] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
[ 3.973819] RIP: 0010:com20020pci_probe+0x18d/0x13e0 [com20020_pci]
[ 3.975181] Call Trace:
[ 3.976208] local_pci_probe+0x13f/0x210
[ 3.977248] pci_device_probe+0x34c/0x6d0
[ 3.977255] ? pci_uevent+0x470/0x470
[ 3.978265] really_probe+0x24c/0x8d0
[ 3.978273] __driver_probe_device+0x1b3/0x280
[ 3.979288] driver_probe_device+0x50/0x370

Fix this by checking whether the ‘ci’ is a null pointer first.

Affected configurations

Nvd

Vulners

Node

linuxlinux_kernelRange3.18–4.9.305

linuxlinux_kernelRange4.10–4.14.270

linuxlinux_kernelRange4.15–4.19.233

linuxlinux_kernelRange4.20–5.4.183

linuxlinux_kernelRange5.5–5.10.104

linuxlinux_kernelRange5.11–5.15.27

linuxlinux_kernelRange5.16–5.16.13

linuxlinux_kernelMatch5.17rc1

linuxlinux_kernelMatch5.17rc2

linuxlinux_kernelMatch5.17rc3

linuxlinux_kernelMatch5.17rc4

linuxlinux_kernelMatch5.17rc5

linuxlinux_kernelMatch5.17rc6

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel5.17cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*
linuxlinux_kernel5.17cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*
linuxlinux_kernel5.17cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*
linuxlinux_kernel5.17cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*
linuxlinux_kernel5.17cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*
linuxlinux_kernel5.17cpe:2.3:o:linux:linux_kernel:5.17:rc6:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	5.17	cpe:2.3:o:linux:linux_kernel:5.17:rc1::::::
linux	linux_kernel	5.17	cpe:2.3:o:linux:linux_kernel:5.17:rc2::::::
linux	linux_kernel	5.17	cpe:2.3:o:linux:linux_kernel:5.17:rc3::::::
linux	linux_kernel	5.17	cpe:2.3:o:linux:linux_kernel:5.17:rc4::::::
linux	linux_kernel	5.17	cpe:2.3:o:linux:linux_kernel:5.17:rc5::::::
linux	linux_kernel	5.17	cpe:2.3:o:linux:linux_kernel:5.17:rc6::::::

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/arcnet/com20020-pci.c"
    ],
    "versions": [
      {
        "version": "8c14f9c70327",
        "lessThan": "8e3bc7c5bbf8",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8c14f9c70327",
        "lessThan": "b1ee6b9340a3",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8c14f9c70327",
        "lessThan": "b838add93e1d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8c14f9c70327",
        "lessThan": "e50c589678e5",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8c14f9c70327",
        "lessThan": "5f394102ee27",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8c14f9c70327",
        "lessThan": "ea372aab5490",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8c14f9c70327",
        "lessThan": "ca0bdff4249a",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8c14f9c70327",
        "lessThan": "bd6f1fd5d33d",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/arcnet/com20020-pci.c"
    ],
    "versions": [
      {
        "version": "3.18",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "3.18",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.9.305",
        "lessThanOrEqual": "4.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.14.270",
        "lessThanOrEqual": "4.14.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.19.233",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.183",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.104",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.27",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.16.13",
        "lessThanOrEqual": "5.16.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.17",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]