5.5
CVE-2022-48703
- EPSS 0.23%
- Veröffentlicht 03.05.2024 16:15:08
- Zuletzt bearbeitet 01.06.2026 17:16:21
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR
In the Linux kernel, the following vulnerability has been resolved: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10). Then the data_vault_read() got NULL point dereference problem when accessing the 0x10 value in data_vault. [ 71.024560] BUG: kernel NULL pointer dereference, address: 0000000000000010 This patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or NULL value in data_vault.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 5.19.9
Linux ≫ Linux Kernel Version6.0 Updaterc1
Linux ≫ Linux Kernel Version6.0 Updaterc2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.134 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
https://git.kernel.org/stable/c/7931e28098a4c1a2a6802510b0cbe57546d2049d
https://git.kernel.org/stable/c/dae42083b045a4ddf71c57cf350cb2412b5915c2
https://git.kernel.org/stable/c/39d5137085a6c37ace4680ee4d24020a4a03e7dc
https://git.kernel.org/stable/c/722588f17fd3d3a127e50718ec2caf22bd7e9daa