CVE-2022-48636

2024-04-2813:15:00

Debian Security Bug Tracker

security-tracker.debian.org

linux kernel

resolved vulnerability

s390/dasd

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup Fix Oops in dasd_alias_get_start_dev() function caused by the pavgroup pointer being NULL. The pavgroup pointer is checked on the entrance of the function but without the lcu->lock being held. Therefore there is a race window between dasd_alias_get_start_dev() and _lcu_update() which sets pavgroup to NULL with the lcu->lock held. Fix by checking the pavgroup pointer with lcu->lock held.

OSVersionArchitecturePackageVersionFilename
Debian12alllinux< 6.0.2-1linux_6.0.2-1_all.deb
Debian11alllinux< 5.10.148-1linux_5.10.148-1_all.deb
Debian10alllinux< 4.19.260-1linux_4.19.260-1_all.deb
Debian999alllinux< 6.0.2-1linux_6.0.2-1_all.deb
Debian13alllinux< 6.0.2-1linux_6.0.2-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	linux	< 6.0.2-1	linux_6.0.2-1_all.deb
Debian	11	all	linux	< 5.10.148-1	linux_5.10.148-1_all.deb
Debian	10	all	linux	< 4.19.260-1	linux_4.19.260-1_all.deb
Debian	999	all	linux	< 6.0.2-1	linux_6.0.2-1_all.deb
Debian	13	all	linux	< 6.0.2-1	linux_6.0.2-1_all.deb