CVE-2022-48953

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> rtc: cmos: Fix event handler registration ordering issue<br /> <br /> Because acpi_install_fixed_event_handler() enables the event<br /> automatically on success, it is incorrect to call it before the<br /> handler routine passed to it is ready to handle events.<br /> <br /> Unfortunately, the rtc-cmos driver does exactly the incorrect thing<br /> by calling cmos_wake_setup(), which passes rtc_handler() to<br /> acpi_install_fixed_event_handler(), before cmos_do_probe(), because<br /> rtc_handler() uses dev_get_drvdata() to get to the cmos object<br /> pointer and the driver data pointer is only populated in<br /> cmos_do_probe().<br /> <br /> This leads to a NULL pointer dereference in rtc_handler() on boot<br /> if the RTC fixed event happens to be active at the init time.<br /> <br /> To address this issue, change the initialization ordering of the<br /> driver so that cmos_wake_setup() is always called after a successful<br /> cmos_do_probe() call.<br /> <br /> While at it, change cmos_pnp_probe() to call cmos_do_probe() after<br /> the initial if () statement used for computing the IRQ argument to<br /> be passed to cmos_do_probe() which is cleaner than calling it in<br /> each branch of that if () (local variable "irq" can be of type int,<br /> because it is passed to that function as an argument of type int).<br /> <br /> Note that commit 6492fed7d8c9 ("rtc: rtc-cmos: Do not check<br /> ACPI_FADT_LOW_POWER_S0") caused this issue to affect a larger number<br /> of systems, because previously it only affected systems with<br /> ACPI_FADT_LOW_POWER_S0 set, but it is present regardless of that<br /> commit.