Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2022-48703

HistoryMay 03, 2024 - 4:15 p.m.

CVE-2022-48703

2024-05-0316:15:08

Debian Security Bug Tracker

security-tracker.debian.org

linux kernel

vulnerability

cve-2022-48703

thermal

int340x_thermal

data_vault

null pointer

dereference

patch

unix

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

In the Linux kernel, the following vulnerability has been resolved: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10). Then the data_vault_read() got NULL point dereference problem when accessing the 0x10 value in data_vault. [ 71.024560] BUG: kernel NULL pointer dereference, address: 0000000000000010 This patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or NULL value in data_vault.

OSVersionArchitecturePackageVersionFilename
Debian12alllinux< 5.19.11-1linux_5.19.11-1_all.deb
Debian11alllinux<= 5.10.218-1linux_5.10.218-1_all.deb
Debian999alllinux< 5.19.11-1linux_5.19.11-1_all.deb
Debian13alllinux< 5.19.11-1linux_5.19.11-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	linux	< 5.19.11-1	linux_5.19.11-1_all.deb
Debian	11	all	linux	<= 5.10.218-1	linux_5.10.218-1_all.deb
Debian	999	all	linux	< 5.19.11-1	linux_5.19.11-1_all.deb
Debian	13	all	linux	< 5.19.11-1	linux_5.19.11-1_all.deb