CVE-2022-48703

Source
https://cve.org/CVERecord?id=CVE-2022-48703
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48703.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-48703
Published
2024-05-03T15:14:07.390Z
Modified
2026-06-03T03:54:34.433341893Z
Summary
thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR
Details

In the Linux kernel, the following vulnerability has been resolved:

thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR

In some cases, the GDDV returns a package with a buffer which has zero length. This causes kmemdup() to return ZERO_SIZE_PTR (0x10).

Then data_vault_read() got a NULL pointer dereference problem when accessing the 0x10 value in data_vault.

[ 71.024560] BUG: kernel NULL pointer dereference, address: 0000000000000010

This patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or NULL value in data_vault.
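
The difference between the two checks, as an added userspace example (not the kernel driver's code and not part of the original record). It assumes the pre-fix code tested the pointer only against NULL; `model_kmemdup`, `struct vault` and the two `readable_*` helpers are hypothetical names, while the two macros are defined as in the kernel's include/linux/slab.h.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same definitions as include/linux/slab.h in the kernel. */
#define ZERO_SIZE_PTR ((void *)16)
#define ZERO_OR_NULL_PTR(x) ((unsigned long)(x) <= (unsigned long)ZERO_SIZE_PTR)

/* Userspace stand-in for kmemdup() (hypothetical): a zero-length request
 * yields ZERO_SIZE_PTR (0x10) rather than NULL, as the kernel allocator does. */
static void *model_kmemdup(const void *src, size_t len)
{
    void *p;

    if (len == 0)
        return ZERO_SIZE_PTR;
    p = malloc(len);
    if (p)
        memcpy(p, src, len);
    return p;
}

/* Hypothetical holder for the duplicated buffer. */
struct vault { void *data; };

/* Assumed pre-fix style: only NULL is rejected, so 0x10 looks readable. */
static int readable_null_check(const struct vault *v)
{
    return v->data != NULL;
}

/* Post-fix style: ZERO_OR_NULL_PTR() rejects both NULL and ZERO_SIZE_PTR. */
static int readable_hardened(const struct vault *v)
{
    return !ZERO_OR_NULL_PTR(v->data);
}

int main(void)
{
    struct vault v = { model_kmemdup("", 0) }; /* constructed zero-length buffer */

    printf("pointer stored for empty buffer: %p\n", v.data);
    printf("NULL-only check allows read:     %d\n", readable_null_check(&v));
    printf("ZERO_OR_NULL_PTR check allows:   %d\n", readable_hardened(&v));
    return 0;
}
```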

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48703.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0ba13c763aacb27ab32bde5d559bf40e88465921
Fixed
722588f17fd3d3a127e50718ec2caf22bd7e9daa
Fixed
39d5137085a6c37ace4680ee4d24020a4a03e7dc
Fixed
dae42083b045a4ddf71c57cf350cb2412b5915c2
Fixed
7931e28098a4c1a2a6802510b0cbe57546d2049d

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48703.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.8.0
Fixed
5.10.258
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.189
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.19.9

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48703.json"