CVE-2022-48735

EPSS 0.02%
Published 20.06.2024 12:15:11
Last modified 23.05.2025 20:48:34
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda: Fix UAF of leds class devs at unbinding

The LED class devices that are created by HD-audio codec drivers are
registered via devm_led_classdev_register() and associated with the
HD-audio codec device.  Unfortunately, it turned out that the devres
release doesn't work for this case; namely, since the codec resource
release happens before the devm call chain, it triggers a NULL
dereference or a UAF for a stale set_brightness_delay callback.

For fixing the bug, this patch changes the LED class device register
and unregister in a manual manner without devres, keeping the
instances in hda_gen_spec.

Affected products Warnungen 0 Metrics 2 CWE 2 References 7

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.9 < 5.10.99

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.22

Linux ≫ Linux Kernel Version >= 5.16 < 5.16.8

Linux ≫ Linux Kernel Version5.17 Updaterc1

Linux ≫ Linux Kernel Version5.17 Updaterc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.033

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/0e629052f013eeb61494d4df2f1f647c2a9aef47

Patch

https://git.kernel.org/stable/c/549f8ffc7b2f7561bea7f90930b6c5104318e87b

Patch

https://git.kernel.org/stable/c/813e9f3e06d22e29872d4fd51b54992d89cf66c8

Patch

https://git.kernel.org/stable/c/a7de1002135cf94367748ffc695a29812d7633b5

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-48735

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-48735

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-48735

EUVD