CVE-2022-48663
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
28/04/2024
Last modified:
14/01/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
gpio: mockup: fix NULL pointer dereference when removing debugfs<br />
<br />
We now remove the device&#39;s debugfs entries when unbinding the driver.<br />
This now causes a NULL-pointer dereference on module exit because the<br />
platform devices are unregistered *after* the global debugfs directory<br />
has been recursively removed. Fix it by unregistering the devices first.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.10.144 (including) | 5.10.146 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.15.69 (including) | 5.15.71 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.19.10 (including) | 5.19.12 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/18352095a0d581f6aeb1e9fc9d68cc0152cd64b4
- https://git.kernel.org/stable/c/af0bfabf06c74c260265c30ba81a34e7dec0e881
- https://git.kernel.org/stable/c/b7df41a6f79dfb18ba2203f8c5f0e9c0b9b57f68
- https://git.kernel.org/stable/c/bdea98b98f844bd8a983ca880893e509a8b4162f
- https://git.kernel.org/stable/c/18352095a0d581f6aeb1e9fc9d68cc0152cd64b4
- https://git.kernel.org/stable/c/af0bfabf06c74c260265c30ba81a34e7dec0e881
- https://git.kernel.org/stable/c/b7df41a6f79dfb18ba2203f8c5f0e9c0b9b57f68
- https://git.kernel.org/stable/c/bdea98b98f844bd8a983ca880893e509a8b4162f