4 matches found
CVE-2022-48703
In the Linux kernel, the following vulnerability has been resolved: thermal/int340xthermal: handle datavault when the value is ZEROSIZEPTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup returns ZEROSIZEPTR 0x10. Then the datavaultread got NULL...
CVE-2022-48703
In the Linux kernel, the following vulnerability has been resolved: thermal/int340xthermal: handle datavault when the value is ZEROSIZEPTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup returns ZEROSIZEPTR 0x10. Then the datavaultread got NULL...
CVE-2022-48703 thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR
In the Linux kernel, the following vulnerability has been resolved: thermal/int340xthermal: handle datavault when the value is ZEROSIZEPTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup returns ZEROSIZEPTR 0x10. Then the datavaultread got NULL...
CVE-2022-48703
CVE-2022-48703 affects the Linux kernel’s thermal/int340x_thermal code path. A GDDV package can return a zero-length buffer, causing kmemdup() to yield ZERO_SIZE_PTR and data_vault_read() to dereference NULL. The patch fixes this by introducing checks that treat ZERO_SIZE_PTR and NULL as invalid,...