CVE-2022-48636

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-48636
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48636.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-48636
Downstream
Related
Published
2024-04-28T12:59:28.858Z
Modified
2026-05-15T11:53:20.401325299Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
Details

In the Linux kernel, the following vulnerability has been resolved:

s390/dasd: fix Oops in dasdaliasgetstartdev due to missing pavgroup

Fix Oops in dasdaliasgetstartdev() function caused by the pavgroup pointer being NULL.

The pavgroup pointer is checked on the entrance of the function but without the lcu->lock being held. Therefore there is a race window between dasdaliasgetstartdev() and lcuupdate() which sets pavgroup to NULL with the lcu->lock held.

Fix by checking the pavgroup pointer with lcu->lock held.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48636.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.25
Fixed
4.9.330
Type
ECOSYSTEM
Events
Introduced
4.10.0
Fixed
4.14.295
Type
ECOSYSTEM
Events
Introduced
4.15.0
Fixed
4.19.260
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.215
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.146
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.71
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.19.12

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48636.json"