CVE-2022-48908
- Source
- https://cve.org/CVERecord?id=CVE-2022-48908
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48908.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-48908
- Downstream
- Published
- 2024-08-22T01:30:49.441Z
- Modified
- 2026-03-20T12:22:00.818219Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
During driver initialization, the pointer of card info, i.e. the variable 'ci' is required. However, the definition of 'com20020pciidtable' reveals that this field is empty for some devices, which will cause null pointer dereference when initializing these devices.
The following log reveals it:
[ 3.973806] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 3.973819] RIP: 0010:com20020pciprobe+0x18d/0x13e0 [com20020pci] [ 3.975181] Call Trace: [ 3.976208] localpciprobe+0x13f/0x210 [ 3.977248] pcideviceprobe+0x34c/0x6d0 [ 3.977255] ? pciuevent+0x470/0x470 [ 3.978265] reallyprobe+0x24c/0x8d0 [ 3.978273] __driverprobedevice+0x1b3/0x280 [ 3.979288] driverprobedevice+0x50/0x370
Fix this by checking whether the 'ci' is a null pointer first.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48908.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/5f394102ee27dbf051a4e283390cd8d1759dacea
- https://git.kernel.org/stable/c/8e3bc7c5bbf87e86e9cd652ca2a9166942d86206
- https://git.kernel.org/stable/c/b1ee6b9340a38bdb9e5c90f0eac5b22b122c3049
- https://git.kernel.org/stable/c/b838add93e1dd98210482dc433768daaf752bdef
- https://git.kernel.org/stable/c/bd6f1fd5d33dfe5d1b4f2502d3694a7cc13f166d
- https://git.kernel.org/stable/c/ca0bdff4249a644f2ca7a49d410d95b8dacf1f72
- https://git.kernel.org/stable/c/e50c589678e50f8d574612e473ca60ef45190896
- https://git.kernel.org/stable/c/ea372aab54903310756217d81610901a8e66cb7d
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48908.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-48908
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8c14f9c70327a6fb75534c4c61d7ea9c82ccf78fFixed8e3bc7c5bbf87e86e9cd652ca2a9166942d86206Fixedb1ee6b9340a38bdb9e5c90f0eac5b22b122c3049Fixedb838add93e1dd98210482dc433768daaf752bdefFixede50c589678e50f8d574612e473ca60ef45190896Fixed5f394102ee27dbf051a4e283390cd8d1759daceaFixedea372aab54903310756217d81610901a8e66cb7dFixedca0bdff4249a644f2ca7a49d410d95b8dacf1f72Fixedbd6f1fd5d33dfe5d1b4f2502d3694a7cc13f166d