CVE-2022-48908

Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 22/08/2024
Last modified: 01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()

During driver initialization, the pointer of card info, i.e. the variable 'ci' is required. However, the definition of 'com20020pci_id_table' reveals that this field is empty for some devices, which will cause null pointer dereference when initializing these devices.

The following log reveals it:

[ 3.973806] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
[ 3.973819] RIP: 0010:com20020pci_probe+0x18d/0x13e0 [com20020_pci]
[ 3.975181] Call Trace:
[ 3.976208] local_pci_probe+0x13f/0x210
[ 3.977248] pci_device_probe+0x34c/0x6d0
[ 3.977255] ? pci_uevent+0x470/0x470
[ 3.978265] really_probe+0x24c/0x8d0
[ 3.978273] __driver_probe_device+0x1b3/0x280
[ 3.979288] driver_probe_device+0x50/0x370

Fix this by checking whether the 'ci' is a null pointer first.
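The pattern described above, modelled in user space as an added example (not the kernel driver's code or the upstream patch). The struct layouts, the table contents, the helper count_empty_entries() and the -EINVAL return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the kernel types (assumed layout, not the driver's). */
struct card_info { const char *name; int devcount; };
struct pci_id {
    uint16_t vendor, device;
    uintptr_t driver_data;   /* pointer to card_info, or 0 when left empty */
};
static const struct card_info card_a = { "constructed card A", 1 };

/* Constructed ID table: the second entry leaves driver_data empty. */
static const struct pci_id id_table[] = {
    { 0x1111, 0x0001, (uintptr_t)&card_a },
    { 0x1111, 0x0002, 0 },
};

/* "Before" shape: trusts driver_data and reads through it unconditionally. */
static int probe_unchecked(const struct pci_id *id)
{
    const struct card_info *ci = (const struct card_info *)id->driver_data;
    return ci->devcount;     /* NULL dereference when driver_data == 0 */
}

/* "After" shape: reject the entry before any field of ci is read. */
static int probe_checked(const struct pci_id *id)
{
    const struct card_info *ci = (const struct card_info *)id->driver_data;
    if (!ci)
        return -EINVAL;      /* assumed error code for this sketch */
    return ci->devcount;
}

/* Audit helper (hypothetical): count entries a probe could not safely use. */
static size_t count_empty_entries(const struct pci_id *tbl, size_t n)
{
    size_t empty = 0;
    for (size_t i = 0; i < n; i++)
        if (tbl[i].driver_data == 0)
            empty++;
    return empty;
}

int main(void)
{
    printf("empty entry -> %d, empty entries: %zu\n",
           probe_checked(&id_table[1]), count_empty_entries(id_table, 2));
    return 0;
}
```

The same table scan is a useful review check for any driver whose probe routine casts driver_data to a pointer.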

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 3.18 (including) 4.9.305 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.10 (including) 4.14.270 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.15 (including) 4.19.233 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.20 (including) 5.4.183 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5 (including) 5.10.104 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.27 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 5.16.13 (excluding)
cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc6:*:*:*:*:*:*