5.5

CVE-2022-48879

EPSS 0.01%
Published 21.08.2024 07:15:04
Last modified 29.08.2024 02:39:34
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

efi: fix NULL-deref in init error path

In cases where runtime services are not supported or have been disabled,
the runtime services workqueue will never have been allocated.

Do not try to destroy the workqueue unconditionally in the unlikely
event that EFI initialisation fails to avoid dereferencing a NULL
pointer.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.19.142 < 4.19.270

Linux ≫ Linux Kernel Version >= 5.4.61 < 5.4.229

Linux ≫ Linux Kernel Version >= 5.9 < 5.10.164

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.89

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.005

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/4ca71bc0e1995d15486cd7b60845602a28399cb5

Patch

https://git.kernel.org/stable/c/585a0b2b3ae7903c6abee3087d09c69e955a7794

Patch

https://git.kernel.org/stable/c/5fcf75a8a4c3e7ee9122d143684083c9faf20452

Patch

https://git.kernel.org/stable/c/703c13fe3c9af557d312f5895ed6a5fda2711104

Patch

https://git.kernel.org/stable/c/adc96d30f6503d30dc68670c013716f1d9fcc747

Patch

https://git.kernel.org/stable/c/e2ea55564229e4bea1474af15b111b3a3043b76f

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-48879

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-48879

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-48879

EUVD